The Premise News
Ubuchwepheshe

UGoogle Ukhiphe Ukulungisa Okuphuthumayo KweChrome Ukulungisa Ubuthakathaka Besihlanu Obusetshenziswa Ngo-2026

David Wendel Batista
UGoogle Ukhiphe Ukulungisa Okuphuthumayo KweChrome Ukulungisa Ubuthakathaka Besihlanu Obusetshenziswa Ngo-2026 PHOTO BY The Premise News

UGoogle ukhiphe ukulungisa okuphuthumayo kweChrome ukuvala ubuthakathaka be-zero-day obuhleliwe, obungowesihlanu obusetshenziswa kusukela ekuqaleni kuka-2026. Ubuthakathaka obulandela i-CVE-2026-11645 busendaweni ye-V8 JavaScript engine, ingxenye eyinhloko ecubungula i-JavaScript ne-WebAssembly. Ngokwesaziso sezokuphepha sikaGoogle esikhishwe ngoMsombuluko, ikhodi yokuxhaphaza leli bhubesi isibonakele emhlabeni wonke. Lesi sign esikhundleni sikhombisa inselele eqhubekayo abakhiqizi beziphequluli ababhekana nayo njengoba izinsongo zikhulisa ukuhlasela iziphequluli, eziyindawo ekhangayo kakhulu kubabulali be-inthanethi, amaqembu obunhloli, nabasebenzisi be-spyware yezohwebo.

Isimangaliso Sokulungiswa Okuphuthumayo: I-Chrome Ithola Ukulungiswa

UGoogle waqala ukusabalalisa izinhlobo zeChrome eziphothuliwe kuwo wonke amapulatifomu amakhulu edeskithophu—i-Windows, i-macOS, ne-Linux—ngokushesha ngemva kokutholakala kobuthakathaka ngumcwaningi wezokuphepha ongaziwa. Izakhiwo ezilungisiwe zihlanganisa i-Chrome 149.0.7827.102 ye-Windows ne-Linux, kanye ne-Chrome 149.0.7827.103 ye-macOS. Nakuba inkampani iphawule ukuthi ukusabalala okugcwele kungathatha izinsuku ezimbalwa noma amasonto ngokusebenzisa izindlela ezijwayelekile zokulungisa, abacwaningi bezokuphepha baqinisekisa ukuthi ukulungisa kwatholakala ngokushesha ngokusebenzisa indlela yokulungisa yesandla yeChrome. Abasebenzisi bangakwazi ukuqalisa inqubo ngokuya kumenyu yezilungiselelo zesiphequluli bese bekhetha isigaba esithi “About Google Chrome,” esihlola ngokuzenzakalelayo izikhishwa ezintsha.

Ukusabalala Kuzo Zonke Izinhlelo Zokusebenza

I-patch ikhanda ubuthakathaka obuyingozi kakhulu ngenxa yemvelo yabo njenge-flow yokufunda nokubhala ngaphandle kwemingcele ngaphakathi kwe-V8 engine. Ubuthakathaka obunjalo buvela lapho isofthiwe ifinyelela izindawo zememori ezingalungile ngaphandle kwe-buffer enikeziwe, okuholela ekutheni imemori yonakale, imininingwane ivezwe, izinhlelo ziphazamiseke, futhi kungenzeka ukusebenza kwenkambiso engalungile. UGoogle waxwayisa ukuthi abahlaseli bangase basebenzise i-CVE-2026-11645 ngokusebenzisa i-HTML eyenziwe ngokukhethekile ehlinzekwa ngamawebhusayithi anobungozi noma aphazamisekile. Ukuvakashela ikhasi elinobungozi nje kungase kubangele ukusebenza kobuthakathaka, ngisho nangaphakathi kwemvelo ye-sandbox yeChrome—isendlalelo esibalulekile sokuphepha esakhelwe ukuhlukanisa okuqukethwe kwiwebhu ohlelweni olusebenzayo.

Ubungozi Obukhulu Emkhakheni We-V8: CVE-2026-11645

Ubuthakathaka bokonakala kwememori ezipheqululini buhlala bungenye yezinhlobo ezibaluleke kakhulu zamabhugsi esofthiwe ngoba ngokuvamile asebenza njengesiteji sokuqala sokuhlasela okukhulu. Ngokolwazi olutholakalayo lwezobuchwepheshe, ukusetshenziswa okuyimpumelelo kwe-CVE-2026-11645 kungavumela abahlaseli ukuthi:

  • Bafunde okuqukethwe kwememori ngaphandle kwemingcele emisiwe.
  • Bonakalise izakhiwo zememori ze-heap.
  • Bavezwe imininingwane ebucayi egcinwe ngaphakathi kwezinqubo zesiphequluli.
  • Baqale ukuphazamiseka nokungazinzi kwesiphequluli.
  • Bagweme izindlela zokuvikela imemori.
  • Basize ukuhlasela okwengeziwe kwenkambiso uma behlanganiswa nobunye ubuthakathaka.

Ubuthakathaka bokufinyelela ngaphandle kwemingcele ememori lolu hlobo ngezinye izikhathi buvumela abahlaseli ukugwema izivikelo ezifana ne-Address Space Layout Randomization (ASLR), umshini wokuphepha ohloselwe ukwenza ukusetshenziswa kube nzima kakhulu. Ngokuveza imininingwane yokuhleleka kwememori noma ngokonakalisa izakhiwo ezibalulekile, abadlali bangakwazi ukwandisa ukwethembeka kwezigaba ezilandelayo zokuhlukumeza, okungenzeka kuholele ekutheni uhlelo lonke lonakaliswe uma ubunye ubuthakathaka betholakala.

UGoogle Ugcina Imininingwane Ukuvikela Ukuxhaphaza Okunesithunzi

Njengomkhuba ojwayelekile lapho kuhlaselwa ubuthakathaka obusetshenziswa ngenkuthalo, uGoogle ugweme ukwazisa imininingwane yobuchwepheshe mayelana nokuhlasela. Inkampani yathi ukufinyelela emininingwaneni yebhugi, ikhodi ye-proof-of-concept, nemibhalo ehlobene kuzohlala kuvinjelwe kuze kube yilapho iningi labasebenzisi beChrome selifakile ukulungisa kokuphepha. Le nqubo ihloselwe ukuvikela abahlaseli abangeziwe ekwakheni ukuxhaphaza okunesithunzi ngaphambi kokuba izinhlelo ezisengozini zilungiswe. UGoogle uphinde waveza ukuthi izithiyo zokwazisa zingahlala zikhona uma amaphrojekthi esofthiwe evela kwamanye amakampani athembele ekhodini efanayo engakasebenzi izilungiso ezihambisanayo. Inkampani ayizange iveze ukuthi ubani owathola ubuthakathaka, ubani okungenzeka ewusebenzisa, noma ukuthi ukuhlasela kuhlobene nababulali be-inthanethi abakhuthazwa yimali, abadlali bezwe, noma abathengisi bezokubheka bezohwebo.

I-Chrome Ithola Ukulungiswa Okwesihlanu Ngo-2026

I-CVE-2026-11645 ingubuthakathaka besihlanu obusetshenziswa obulungiswa uGoogle lo nyaka. Inkampani isiphendule uchungechunge lwezingozi ezinkulu zokuphepha phakathi nengxenye yokuqala ka-2026, okuhlanganisa:

  • CVE-2026-2441: Ilungiswe ngoFebhuwari, lolu bhubesi lwalubandakanya izinkinga zokuphazamiseka kwe-iterator ethinta i-CSSFontFeatureValuesMap, ingxenye ephethe ukusingatha izici ze-font ye-CSS ngaphakathi kwesakhiwo se-Chrome.
  • CVE-2026-3909: Kwamenyezelwa ngoMashi, lolu bhubesi lokubhala ngaphandle kwemingcele lwathinta i-Skia graphics library, injini yezithombe enomthombo ovulekile esetshenziswa kakhulu emhlabeni we-Chromium.
  • CVE-2026-3910: Ilungiswe ngoMashi, lolu bhubesi lwalubandakanya ubuthakathaka bokusebenza ngaphakathi kwe-V8 JavaScript ne-WebAssembly engine, okuvumela abahlaseli ukuthi baphathe indlela isiphequluli esisebenza ngayo ngaphansi kwezimo ezithile.
  • CVE-2026-5281: Kukhulunywe ngayo ngo-Ephreli, lolu bhubesi lokusebenzisa ngemva kokukhululwa lwathinta i-Dawn, ukusebenza kukaGoogle kwe-WebGPU standard enika amandla okucubungula izithombe ezithuthukile kanye nokusheshisa kwamahhadisi ngaphakathi kweziphequluli zanamuhla.

Ubuhlakani Bobuthakathaka Bemenmori: Inselele Eqhubekayo

Ubuthakathaka bokuphepha kwememori—kufaka phakathi amabhugi okusebenzisa ngemva kokukhululwa, ukufunda ngaphandle kwemingcele, nokubhala ngaphandle kwemingcele—buyaqhubeka nokubusa emsebenzini wokuhlukumeza iziphequluli naphezu kwemizamo eqhubekayo yabakhiqizi beziphequluli yokuqinisa izivikelo. Ukuvela okuphindaphindayo kwalobu bhubesi kuye kwavuselela izingcingo zokuthi kusetshenziswe izilimi zokuhlela ezilawula ukuphepha kwememori njenge-Rust ngaphakathi kokuthuthukiswa kwesiphequluli. UGoogle, i-Microsoft, nezinye izinkampani zobuchwepheshe ziye zagcizelela kakhulu izinhlelo zokuphepha kwememori ngemva kokuba ucwaningo luveze ukuthi iningi lamabhugi abucayi esofthiwe avela emaphutheni okuphatha imemori. Nakuba i-architecture ye-Chrome isivele ihlanganisa izivikelo eziningi—kuhlanganisa ukuhlukaniswa kwesayithi, i-sandboxing, izinhlelo zokuthola ukuhlukumeza, kanye nokuhlukaniswa kwezinqubo okuthuthukisiwe—izazi zokuphepha ziphikisana ngokuthi ukunciphisa ikhodi engenakuphepha kwememori kusenye yezivikelo ezisebenza kahle kakhulu zesikhathi eside ekulweni nokuhlukumeza iziphequluli.

Umbono we-The Premise News: I-patch ephuthumayo ye-CVE-2026-11645 ingaphezu nje kokulungisa okunye kokuphepha—iyisikhumbuzo esiqinile sokuthi abakhiqizi beziphequluli babambene emfanekisweni ongenakuphephana nabahlaseli ababeletha ubuthakathaka be-zero-day njengezimpahla zohwebo. Njengoba amabhugi amahlanu e-zero-day eChrome eselungisiwe ngo-2026, imvamisa yokusetshenziswa ngenkuthalo isiyisici esichaza isimo samanje sezinsongo. Okusengozini okuphathekayo ukuphepha kwabo bonke abasebenzisi be-inthanethi, njengoba iziphequluli zihlala ziyindlela eyinhloko yomsebenzi, ezezimali, ezokuxhumana, nokuphatha. Umehluko oyisihluthulelo ulele phakathi kokushesha kokuhlukumeza nokusabalala okupholile kwezilungiso, okungashiya izixuku eziningi ziveziwe izinsuku ezimbalwa. Abafundi kumele babheke ukuthi ngabe uGoogle nabanye abakhiqizi bayasheshisa ukusetshenziswa kwezilimi eziphephile njenge-Rust, noma ngabe abahlaseli baqala ukuhlasela inqubo yokulungisa uqobo. Ukubona okubukhali: iqiniso lokuthi i-Threat Analysis Group kaGoogle ivame ukuthola le mikhankaso liphakamisa ukuthi inkampani ingumvikeli futhi ingumthombo oyinhloko wezobunhloli—isikhundla esiyingqayizivele esigcizelela ubukhulu benselele. Ekugcineni, le ndaba ayigxile ebhugini elilodwa; imayelana nobuthakathaka besakhiwo sezwe ledijithali elakhelwe ekhodini eyinkimbinkimbi engaphephile ememorini abahlaseli abazoqhubeka nokuyisebenzisa kuze kube yilapho imboni ishintsha indlela yayo ngokuyisisekelo.

Ucabanga ukuthini?