¡¾·ì϶¹«¸æ¡¿Google Chrome V8¶Ñ»º³åÇøÒç¶Âí½Å(CVE-2025-0999)

°ä²¼¹¦·ò 2025-02-20

Ò»¡¢·ì϶¸ÅÊö


·ìϼûû³Æ

Google Chrome V8¶Ñ»º³åÇøÒç¶Âí½Å

CVE   ID

CVE-2025-0999

·ì϶ÀàÐÍ

»º³åÇøÒç³ö

·¢ÏÖ¹¦·ò

2025-02-20

·ì϶ÆÀ·Ö

8.8

·ì϶µÈ¼¶

¸ßΣ

¹¥»÷ÏòÁ¿

ÍøÂç

ËùÐèȨÏÞ

ÎÞ

ÀûÓÃÄѶÈ

µÍ

Óû§½»»¥

±ØÒª

PoC/EXP

δ¹«¿ª

ÔÚÒ°ÀûÓÃ

δ·¢ÏÖ


Google Chrome V8ÊÇÒ»¸ö¸ßЧµÄ¿ªÔ´JavaScriptÒýÇæ £¬£¬£¬ £¬£¬£¬£¬£¬ÓÃÓÚChromeä¯ÀÀÆ÷ºÍNode.jsµÈƽ̨¡£¡£ ¡£¡£¡£¡£V8½«JavaScript´úÂë±àÒëΪ»úеÂë £¬£¬£¬ £¬£¬£¬£¬£¬ÒÔÌá¸ßÖ´ÐÐЧÄÜ £¬£¬£¬ £¬£¬£¬£¬£¬ÓÅ»¯ä¯ÀÀÆ÷»úÄÜ¡£¡£ ¡£¡£¡£¡£ËüÖ§³Ö¼´Ê±±àÒ루JIT£©ºÍÀ¬»ø»ØÊÕ»úÔì £¬£¬£¬ £¬£¬£¬£¬£¬Í¨¹ýÄÚ´æÖÎÀíºÍÓÅ»¯Ëã·¨Ìṩ¸üºÃµÄÔËÐÐËٶȡ£¡£ ¡£¡£¡£¡£V8¿í·ºÓÃÓÚÍøÒ³ºÍÀûÓ÷¨Ê½ÖÐ £¬£¬£¬ £¬£¬£¬£¬£¬ÓÈÆäÔÚ´¦Öø´ÔӵĶ¯Ì¬ÄÚÈÝʱ²û·¢ÓÅÔ½¡£¡£ ¡£¡£¡£¡£¸ÃÒýÇæµÄ¸ßЧÐÔÊÇChromeä¯ÀÀÆ÷Á÷³©ÂÄÀúµÄ³ÁÒª³É·ÖÖ®Ò»¡£¡£ ¡£¡£¡£¡£


2025Äê2ÔÂ20ÈÕ £¬£¬£¬ £¬£¬£¬£¬£¬8827Ì«Ñô¼¯Íż¯ÍÅVSRC¼à²âµ½Google°ä²¼Á˹ØÓÚCVE-2025-0999·ì϶µÄ°²È«²¼¸æ¡£¡£ ¡£¡£¡£¡£²¼¸æÖ¸³ö £¬£¬£¬ £¬£¬£¬£¬£¬Google Chromeä¯ÀÀÆ÷ÖÐV8ÒýÇæ´æÔڶѻº³åÇøÒç¶Âí½Å¡£¡£ ¡£¡£¡£¡£¸Ã·ì϶ӰÏìChrome 133.0.6943.126֮ǰµÄ°æ±¾ £¬£¬£¬ £¬£¬£¬£¬£¬¹¥»÷Õß¿Éͨ¹ý»ú¹Ø¶ñÒâµÄHTMLÒ³Ãæ £¬£¬£¬ £¬£¬£¬£¬£¬ÀûÓø÷ì϶ʵÏÖÔ¶³Ì´úÂëÖ´ÐÐ £¬£¬£¬ £¬£¬£¬£¬£¬´Ó¶ø¿ÉÄܵ¼Ö¶ÑÄÚ´æ·ÛËé¡£¡£ ¡£¡£¡£¡£¸Ã·ì϶µÄCVSSÆÀ·ÖΪ8.8·Ö £¬£¬£¬ £¬£¬£¬£¬£¬·ì϶µÈ¼¶Îª¸ßΣ¡£¡£ ¡£¡£¡£¡£


¶þ¡¢Ó°ÏìÁìÓò


Google Chrome < 133.0.6943.126


Èý¡¢°²È«´ëÊ©


3.1 Éý¼¶°æ±¾


½¨ÒéÊÜÓ°Ïì°æ±¾µÄÓû§¾¡¿ìÉý¼¶µ½ÒÔÏ°汾 £¬£¬£¬ £¬£¬£¬£¬£¬ÒÔ½â¾ö¸ÃÎÊÌâ¡£¡£ ¡£¡£¡£¡£
Google Chrome °æ±¾ 133.0.6943.126 (Windows¡¢Mac)
Google Chrome °æ±¾ 133.0.6943.127 (Windows¡¢Mac)
Google Chrome °æ±¾ 133.0.6943.126 (Linux)


ÏÂÔØÁ´½Ó£º

https://www.google.cn/intl/zh-CN/chrome/


3.2 һʱ´ëÊ©



ÔÝÎÞ¡£¡£ ¡£¡£¡£¡£


3.4 ²Î¿¼Á´½Ó


https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_18.html
https://issues.chromium.org/issues/394350433
https://nvd.nist.gov/vuln/detail/CVE-2025-0999