返回上一页  首页 | cnbeta报时: 15:22:00
Google Chrome 61 正式版发布 加入更多开发者 API
发布日期:2017-09-06 06:37:26  稿源:MacX

Chrome 61 正式版今天发布,并增加了很多开发者相关的功能。在 Mac、Windows 和 Linux 系统中,Chrome 61 开始支持 WebUSB API,以及 PaymentRequest API。高级网络平台 API 支持大多数硬件外设,如键盘、鼠标、打印机和游戏手柄。为了使用教育、科学或工业等专用 USB 外设,用户必须使用系统级权限查找和安装可能不安全的驱动程序和软件。

Chrome现在支持 WebUSB API,在用户同意的情况下允许网络应用与外设通信。这可实现上述设备提供的所有功能,同时仍可保证网络的安全。

PaymentRequest API 可以提供安全、无缝的跨平台结账体验。在 Chrome 61 中,浏览器还支持网络信息 API,这意味着网站可以访问设备信息,比如设备内存 API 可以检测内存占有,以优化网页应用。

在 Android 版 Chrome 61 中,新增加了全新的 Web Share API 网络分享功能,浏览器可以激活 Android 原生分享功能。

Chrome 61.0.3163.79 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 61.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 22 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$5000][737023] High CVE-2017-5111: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-06-27

[$5000][740603] High CVE-2017-5112: Heap buffer overflow in WebGL. Reported by Tobias Klein (www.trapkit.de) on 2017-07-10

[$5000][747043] High CVE-2017-5113: Heap buffer overflow in Skia. Reported by Anonymous on 2017-07-20

[$3500][752829] High CVE-2017-5114: Memory lifecycle issue in PDFium. Reported by Ke Liu of Tencent's Xuanwu LAB on 2017-08-07

[$3000][744584] High CVE-2017-5115: Type confusion in V8. Reported by Marco Giovannini on 2017-07-17

[$TBD][759624] High CVE-2017-5116: Type confusion in V8. Reported by Anonymous on 2017-08-28

[$1000][739190] Medium CVE-2017-5117: Use of uninitialized value in Skia. Reported by Tobias Klein (www.trapkit.de) on 2017-07-04

[$1000][747847] Medium CVE-2017-5118: Bypass of Content Security Policy in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-07-24

[$N/A][725127] Medium CVE-2017-5119: Use of uninitialized value in Skia. Reported by Anonymous on 2017-05-22

[$N/A][718676] Low CVE-2017-5120: Potential HTTPS downgrade during redirect navigation. Reported by Xiaoyin Liu (@general_nfs) on 2017-05-05

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes:

  • [762099] Various fixes from internal audits, fuzzing and other initiatives

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.



我们在FebBox(https://www.febbox.com/cnbeta) 开通了新的频道,更好阅读体验,更及时更新提醒,欢迎前来阅览和打赏。
查看网友评论   返回完整版观看

返回上一页  首页 | cnbeta报时: 15:22:00

文字版  标准版  电脑端

© 2003-2025