ニュース

悪用が確認されたセキュリティ欠陥も ~「Google Chrome」に74件の脆弱性

致命的なものも多数、修正版が公開。Windows環境にはv149.0.7827.102/103が展開中

2026年6月9日 16:17

Windows/Mac環境に「Google Chrome」v149.0.7827.102/103が展開中

 米Googleは6月8日(現地時間)、デスクトップ向け「Google Chrome」の安定(Stable)チャネルをアップデートした。現在、Windows/Mac環境にv149.0.7827.102/103が、Linux環境にv149.0.7827.102が展開中だ。

 本リリースは、74件の脆弱性を修正したセキュリティアップデート。CVE番号の付番は以下の通りとなっている。

  • CVE-2026-11628:Use after free in Ozone(Critical)
  • CVE-2026-11629:Use after free in Ozone(Critical)
  • CVE-2026-11630:Use after free in File Input(Critical)
  • CVE-2026-11631:Use after free in Aura(Critical)
  • CVE-2026-11632:Use after free in TabStrip(Critical)
  • CVE-2026-11633:Use after free in Bluetooth(Critical)
  • CVE-2026-11634:Use after free in Gamepad(Critical)
  • CVE-2026-11635:Use after free in Bluetooth(Critical)
  • CVE-2026-11636:Use after free in Autofill(Critical)
  • CVE-2026-11637:Use after free in Views(Critical)
  • CVE-2026-11638:Use after free in Printing(Critical)
  • CVE-2026-11639:Use after free in Compositing(Critical)
  • CVE-2026-11640:Integer overflow in libyuv(Critical)
  • CVE-2026-11641:Use after free in Bluetooth(Critical)
  • CVE-2026-11642:Use after free in Web Apps(Critical)
  • CVE-2026-11643:Use after free in Proxy(Critical)
  • CVE-2026-11644:Use after free in Views(Critical)
  • CVE-2026-11645:Out of bounds memory access in V8(High)
  • CVE-2026-11646:Use after free in ViewTransitions(High)
  • CVE-2026-11647:Use after free in Printing(High)
  • CVE-2026-11648:Use after free in FullScreen(High)
  • CVE-2026-11649:Use after free in V8(High)
  • CVE-2026-11650:Use after free in V8(High)
  • CVE-2026-11651:Use after free in Network(High)
  • CVE-2026-11652:Use after free in Extensions(High)
  • CVE-2026-11653:Insufficient validation of untrusted input in Extensions(High)
  • CVE-2026-11654:Use after free in CameraCapture(High)
  • CVE-2026-11655:Integer overflow in Media(High)
  • CVE-2026-11656:Use after free in ServiceWorker(High)
  • CVE-2026-11657:Use after free in Payments(High)
  • CVE-2026-11658:Insufficient validation of untrusted input in Extensions(High)
  • CVE-2026-11659:Insufficient validation of untrusted input in UI(High)
  • CVE-2026-11660:Insufficient validation of untrusted input in New Tab Page(High)
  • CVE-2026-11661:Use after free in Views(High)
  • CVE-2026-11662:Type Confusion in Bindings(High)
  • CVE-2026-11663:Use after free in Skia(High)
  • CVE-2026-11664:Use after free in Payments(High)
  • CVE-2026-11665:Out of bounds read in Dawn(High)
  • CVE-2026-11666:Insufficient validation of untrusted input in Input(High)
  • CVE-2026-11667:Out of bounds read in WebRTC(High)
  • CVE-2026-11668:Uninitialized Use in Codecs(High)
  • CVE-2026-11669:Integer overflow in Media(High)
  • CVE-2026-11670:Use after free in PDF(High)
  • CVE-2026-11671:Use after free in Navigation(High)
  • CVE-2026-11672:Out of bounds write in GPU(High)
  • CVE-2026-11673:Use after free in InterestGroups(High)
  • CVE-2026-11674:Use after free in Guest View(High)
  • CVE-2026-11675:Insufficient validation of untrusted input in Skia(High)
  • CVE-2026-11676:Insufficient validation of untrusted input in Dawn(High)
  • CVE-2026-11677:Race in Network(High)
  • CVE-2026-11678:Integer overflow in libyuv(High)
  • CVE-2026-11679:Use after free in Codecs(High)
  • CVE-2026-11680:Use after free in Media(High)
  • CVE-2026-11681:Use after free in Ozone(High)
  • CVE-2026-11682:Insufficient validation of untrusted input in Views(High)
  • CVE-2026-11683:Use after free in WebCodecs(High)
  • CVE-2026-11684:Insufficient policy enforcement in Network(High)
  • CVE-2026-11685:Insufficient data validation in MediaCapture(High)
  • CVE-2026-11686:Insufficient validation of untrusted input in Dawn(High)
  • CVE-2026-11687:Use after free in Dawn(High)
  • CVE-2026-11688:Object lifecycle issue in SVG(High)
  • CVE-2026-11689:Insufficient validation of untrusted input in Passwords(High)
  • CVE-2026-11690:Out of bounds read and write in Media(High)
  • CVE-2026-11691:Insufficient validation of untrusted input in New Tab Page(High)
  • CVE-2026-11692:Use after free in Read Anything(High)
  • CVE-2026-11693:Inappropriate implementation in Plugins(High)
  • CVE-2026-11694:Use after free in ServiceWorker(High)
  • CVE-2026-11695:Inappropriate implementation in Passwords(High)
  • CVE-2026-11696:Uninitialized Use in Video(High)
  • CVE-2026-11697:Insufficient validation of untrusted input in UI(High)
  • CVE-2026-11698:Use after free in Bluetooth(High)
  • CVE-2026-11699:Use after free in Bluetooth(High)
  • CVE-2026-11700:Use after free in Tracing(Medium)
  • CVE-2026-11701:Insufficient validation of untrusted input in Guest View(Medium)

 このうち、深刻度が4段階中最高の「Critical」と評価された脆弱性は17件。また、「V8」における範囲外メモリアクセスの脆弱性 「CVE-2026-11645」(High)はすでに悪用の報告がある 。できるだけ早いアップデートが必要だ。

 デスクトップ向け「Google Chrome」はWindows/Mac/Linuxに対応しており、現在、同社のWebサイトから無償でダウンロード可能。Windows版は、Windows 10/11に対応している。すでにインストールされている場合は自動で更新されるが、設定画面(chrome://settings/help)にアクセスすれば手動でアップデート可能。アップデートを完全に適用するには、「Google Chrome」の再起動が必要だ。

Amazonで購入