{ "document" : { "aggregate_severity" : { "text" : "hoch" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "Chrome ist ein Internet-Browser von Google.\r\nEdge ist ein Internet-Browser von Microsoft.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein Angreifer kann mehrere Schwachstellen in Google Chrome/Microsoft Edge ausnutzen, um potenziell beliebigen Code auszuführen, Sicherheitsmechanismen zu umgehen, Daten offenzulegen und zu manipulieren sowie einen Denial-of-Service-Zustand zu verursachen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Linux\n- MacOS X\n- Windows", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2026-1304 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1304.json" }, { "category" : "self", "summary" : "WID-SEC-2026-1304 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1304" }, { "category" : "external", "summary" : "Stable Channel Update for Desktop vom 2026-04-28", "url" : "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html" }, { "category" : "external", "summary" : "Fedora Security Advisory FEDORA-2026-36FB406407 vom 2026-04-30", "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2026-36fb406407" }, { "category" : "external", "summary" : "Fedora Security Advisory FEDORA-2026-F5ED344D5C vom 2026-04-30", "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2026-f5ed344d5c" }, { "category" : "external", "summary" : "Fedora Security Advisory FEDORA-2026-AF3F470D38 vom 2026-04-30", "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-2026-af3f470d38" }, { "category" : "external", "summary" : "openSUSE Security Update OPENSUSE-SU-2026:0161-1 vom 2026-05-01", "url" : "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2Y4NWXB2GWQV7C77QK4NIOHVSKM5KJB4/" }, { "category" : "external", "summary" : "Fedora Security Advisory FEDORA-EPEL-2026-1A398E4F20 vom 2026-04-30", "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-1a398e4f20" }, { "category" : "external", "summary" : "Debian Security Advisory DSA-6239 vom 2026-05-04", "url" : "https://lists.debian.org/debian-security-announce/2026/msg00149.html" }, { "category" : "external", "summary" : "Fedora Security Advisory FEDORA-EPEL-2026-C2B734F274 vom 2026-04-30", "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-c2b734f274" }, { "category" : "external", "summary" : "Fedora Security Advisory FEDORA-EPEL-2026-EAA2514539 vom 2026-04-30", "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-eaa2514539" }, { "category" : "external", "summary" : "Fedora Security Advisory FEDORA-EPEL-2026-70912890F2 vom 2026-04-30", "url" : "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-70912890f2" }, { "category" : "external", "summary" : "Release notes for Microsoft Edge Security Updates vom 2026-05-03", "url" : "https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#april-30-2026" }, { "category" : "external", "summary" : "IGEL Security Notice ISN-2026-17 vom 2026-05-04", "url" : "https://kb.igel.com/en/security-safety/current/isn-2026-17-critical-chromium-vulnerability" } ], "source_lang" : "en-US", "title" : "Google Chrome/Microsoft Edge: Mehrere Schwachstellen", "tracking" : { "current_release_date" : "2026-05-04T22:00:00.000+00:00", "generator" : { "date" : "2026-05-05T08:06:16.023+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.5.0" } }, "id" : "WID-SEC-W-2026-1304", "initial_release_date" : "2026-04-28T22:00:00.000+00:00", "revision_history" : [ { "date" : "2026-04-28T22:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" }, { "date" : "2026-04-29T22:00:00.000+00:00", "number" : "2", "summary" : "Neue Updates von Fedora aufgenommen" }, { "date" : "2026-05-03T22:00:00.000+00:00", "number" : "3", "summary" : "Neue Updates von openSUSE, Fedora und Debian aufgenommen, Microsoft Edge Aufgenommen" }, { "date" : "2026-05-04T22:00:00.000+00:00", "number" : "4", "summary" : "Neue Updates von IGEL aufgenommen" } ], "status" : "final", "version" : "4" } }, "product_tree" : { "branches" : [ { "branches" : [ { "category" : "product_name", "name" : "Debian Linux", "product" : { "name" : "Debian Linux", "product_id" : "2951", "product_identification_helper" : { "cpe" : "cpe:/o:debian:debian_linux:-" } } } ], "category" : "vendor", "name" : "Debian" }, { "branches" : [ { "category" : "product_name", "name" : "Fedora Linux", "product" : { "name" : "Fedora Linux", "product_id" : "74185", "product_identification_helper" : { "cpe" : "cpe:/o:fedoraproject:fedora:-" } } } ], "category" : "vendor", "name" : "Fedora" }, { "branches" : [ { "branches" : [ { "category" : "product_version_range", "name" : "<147.0.7727.137", "product" : { "name" : "Google Chrome <147.0.7727.137", "product_id" : "T053387" } }, { "category" : "product_version", "name" : "147.0.7727.137", "product" : { "name" : "Google Chrome 147.0.7727.137", "product_id" : "T053387-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:google:chrome:147.0.7727.137" } } }, { "category" : "product_version_range", "name" : "<147.0.7727.138", "product" : { "name" : "Google Chrome <147.0.7727.138", "product_id" : "T053388" } }, { "category" : "product_version", "name" : "147.0.7727.138", "product" : { "name" : "Google Chrome 147.0.7727.138", "product_id" : "T053388-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:google:chrome:147.0.7727.138" } } } ], "category" : "product_name", "name" : "Chrome" } ], "category" : "vendor", "name" : "Google" }, { "branches" : [ { "category" : "product_name", "name" : "IGEL OS", "product" : { "name" : "IGEL OS", "product_id" : "T017865", "product_identification_helper" : { "cpe" : "cpe:/o:igel:os:-" } } } ], "category" : "vendor", "name" : "IGEL" }, { "branches" : [ { "branches" : [ { "category" : "product_version_range", "name" : "<147.0.3912.98", "product" : { "name" : "Microsoft Edge <147.0.3912.98", "product_id" : "T053500" } }, { "category" : "product_version", "name" : "147.0.3912.98", "product" : { "name" : "Microsoft Edge 147.0.3912.98", "product_id" : "T053500-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:edge:147.0.3912.98" } } } ], "category" : "product_name", "name" : "Edge" } ], "category" : "vendor", "name" : "Microsoft" }, { "branches" : [ { "category" : "product_name", "name" : "SUSE openSUSE", "product" : { "name" : "SUSE openSUSE", "product_id" : "T027843", "product_identification_helper" : { "cpe" : "cpe:/o:suse:opensuse:-" } } } ], "category" : "vendor", "name" : "SUSE" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2026-7333", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7333" }, { "cve" : "CVE-2026-7334", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7334" }, { "cve" : "CVE-2026-7335", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7335" }, { "cve" : "CVE-2026-7336", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7336" }, { "cve" : "CVE-2026-7337", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7337" }, { "cve" : "CVE-2026-7338", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7338" }, { "cve" : "CVE-2026-7339", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7339" }, { "cve" : "CVE-2026-7340", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7340" }, { "cve" : "CVE-2026-7341", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7341" }, { "cve" : "CVE-2026-7342", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7342" }, { "cve" : "CVE-2026-7343", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7343" }, { "cve" : "CVE-2026-7344", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7344" }, { "cve" : "CVE-2026-7345", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7345" }, { "cve" : "CVE-2026-7346", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7346" }, { "cve" : "CVE-2026-7347", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7347" }, { "cve" : "CVE-2026-7348", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7348" }, { "cve" : "CVE-2026-7349", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7349" }, { "cve" : "CVE-2026-7350", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7350" }, { "cve" : "CVE-2026-7351", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7351" }, { "cve" : "CVE-2026-7352", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7352" }, { "cve" : "CVE-2026-7353", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7353" }, { "cve" : "CVE-2026-7354", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7354" }, { "cve" : "CVE-2026-7355", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7355" }, { "cve" : "CVE-2026-7356", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7356" }, { "cve" : "CVE-2026-7357", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7357" }, { "cve" : "CVE-2026-7358", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7358" }, { "cve" : "CVE-2026-7359", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7359" }, { "cve" : "CVE-2026-7360", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7360" }, { "cve" : "CVE-2026-7361", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7361" }, { "cve" : "CVE-2026-7363", "product_status" : { "known_affected" : [ "2951", "T017865", "T027843", "T053500", "74185", "T053387", "T053388" ] }, "release_date" : "2026-04-28T22:00:00.000+00:00", "title" : "CVE-2026-7363" } ] }