谷歌浏览器Google Chrome稳定版迎来v68正式版首个版本发布,详细版本号为v68.0.3440.75,上一个正式版v67.0.3396.99发布于6月13日,时隔29天Google又发布了新版Chrome浏览器,本次升级主要是更新了42项安全修复和稳定性改进及用户体验。
谷歌浏览器v68正式版新增了一项重大的变化,当加载非HTTPS网站时,该浏览器的处理方式会更加审慎。只要遇到潜在不安全的站点,Chrome都将开始抛出警告信息。虽然不会对日常使用造成太大的影响,但这确实是迄今为止发生的一个重大转变。
谷歌浏览器v67正式版新增站点隔离功能,可以提高Chrome浏览器的整体安全性,保护用户或最大限度地降低广受媒体关注的Spectre安全漏洞可能导致的攻击风险,该漏洞已经不少于比四个变种。此外,更充分地利用智能手机中的各个传感器,并通过全新的WebXR框架(已经整合了VR和AR的诸多API)为移动端设备带来更好的沉浸式体验。而这些API可用于创建例如桌面迷宫等网页游戏或者类似于数字指南针等实用工具。
官方更新日志
Chrome稳定版已经更新到v68.0.3440.75
安全修复程序和奖励
更新包括42项安全修复
[$5000][850350] High CVE-2018-6153: Stack buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2018-06-07
[$3000][848914] High CVE-2018-6154: Heap buffer overflow in WebGL. Reported by Omair on 2018-06-01
[$N/A][842265] High CVE-2018-6155: Use after free in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-05-11
[$N/A][841962] High CVE-2018-6156: Heap buffer overflow in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-05-10
[$N/A][840536] High CVE-2018-6157: Type confusion in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-05-07
[$2000][841280] Medium CVE-2018-6158: Use after free in Blink. Reported by Zhe Jin(金哲),Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-05-09
[$2000][837275] Medium CVE-2018-6159: Same origin policy bypass in ServiceWorker. Reported by Jun Kokatsu (@shhnjk) on 2018-04-26
[$1000][839822] Medium CVE-2018-6160: URL spoof in Chrome on iOS. Reported by evi1m0 of Bilibili Security Team on 2018-05-04
[$1000][826552] Medium CVE-2018-6161: Same origin policy bypass in WebAudio. Reported by Jun Kokatsu (@shhnjk) on 2018-03-27
[$1000][804123] Medium CVE-2018-6162: Heap buffer overflow in WebGL. Reported by Omair on 2018-01-21
[$500][849398] Medium CVE-2018-6163: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-06-04
[$500][848786] Medium CVE-2018-6164: Same origin policy bypass in ServiceWorker. Reported by Jun Kokatsu (@shhnjk) on 2018-06-01
[$500][847718] Medium CVE-2018-6165: URL spoof in Omnibox. Reported by evi1m0 of Bilibili Security Team on 2018-05-30
[$500][835554] Medium CVE-2018-6166: URL spoof in Omnibox. Reported by Lnyas Zhang on 2018-04-21
[$500][833143] Medium CVE-2018-6167: URL spoof in Omnibox. Reported by Lnyas Zhang on 2018-04-15
[$500][828265] Medium CVE-2018-6168: CORS bypass in Blink. Reported by Gunes Acar and Danny Y. Huang of Princeton University, Frank Li of UC Berkeley on 2018-04-03
[$500][394518] Medium CVE-2018-6169: Permissions bypass in extension installation . Reported by Sam P on 2014-07-16
[$TBD][862059] Medium CVE-2018-6170: Type confusion in PDFium. Reported by Anonymous on 2018-07-10
[$TBD][851799] Medium CVE-2018-6171: Use after free in WebBluetooth. Reported by [email protected] on 2018-06-12
[$TBD][847242] Medium CVE-2018-6172: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-05-28
[$TBD][836885] Medium CVE-2018-6173: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-04-25
[$N/A][835299] Medium CVE-2018-6174: Integer overflow in SwiftShader. Reported by Mark Brand of Google Project Zero on 2018-04-20
[$TBD][826019] Medium CVE-2018-6175: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-03-26
[$N/A][666824] Medium CVE-2018-6176: Local user privilege escalation in Extensions. Reported by Jann Horn of Google Project Zero on 2016-11-18
[$500][826187] Low CVE-2018-6177: Cross origin information leak in Blink. Reported by Ron Masas (Imperva) on 2018-03-27
[$500][823194] Low CVE-2018-6178: UI spoof in Extensions. Reported by Khalil Zhani on 2018-03-19
[$500][816685] Low CVE-2018-6179: Local file information leak in Extensions. Reported by Anonymous on 2018-02-26
[$500][797461] Low CVE-2018-6044: Request privilege escalation in Extensions . Reported by Rob Wu on 2017-12-23
[$500][791324] Low CVE-2018-4117: Cross origin information leak in Blink. Reported by AhsanEjaz - @AhsanEjazA on 2017-12-03
[866821] Various fixes from internal audits, fuzzing and other initiatives
The following bugs were fixed in previous Chrome releases, but were mistakenly omitted from the release notes at the time:
[$1000][812667] Medium CVE-2018-6150: Cross origin information disclosure in Service Workers. Reported by Rob Wu on 2018-02-15
[$500][805905] Medium CVE-2018-6151: Bad cast in DevTools. Reported by Rob Wu on 2018-01-25
[$2000][805445] Medium CVE-2018-6152: Local file write in DevTools. Reported by Rob Wu on 2018-01-24
http://googlechromereleases.blogspot.com
Google Chrome 稳定版 官方本地下载地址:
Google Chrome v68.0.3440.75 无更新功能版 32位
https://dl.google.com/release2/chrome/bui_GHiIZ70_68.0.3440.75/68.0.3440.75_chrome_installer.exe
http://dl.google.com/release2/chrome/bui_GHiIZ70_68.0.3440.75/68.0.3440.75_chrome_installer.exe
http://redirector.gvt1.com/edgedl/release2/chrome/bui_GHiIZ70_68.0.3440.75/68.0.3440.75_chrome_installer.exe
https://redirector.gvt1.com/edgedl/release2/chrome/bui_GHiIZ70_68.0.3440.75/68.0.3440.75_chrome_installer.exe
http://www.google.com/dl/release2/chrome/bui_GHiIZ70_68.0.3440.75/68.0.3440.75_chrome_installer.exe
https://www.google.com/dl/release2/chrome/bui_GHiIZ70_68.0.3440.75/68.0.3440.75_chrome_installer.exe
SHA1:64C473A577179941173978DF4A0230C7D189D24A
SHA256:12D718E55AF179E5BBC5A879BCD0AA6EA8F63910A290B175371C3EFB19881C6B
Google Chrome v68.0.3440.75 无更新功能版 64位
https://dl.google.com/release2/chrome/eAFZOqBU52Y_68.0.3440.75/68.0.3440.75_chrome_installer.exe
http://dl.google.com/release2/chrome/eAFZOqBU52Y_68.0.3440.75/68.0.3440.75_chrome_installer.exe
http://redirector.gvt1.com/edgedl/release2/chrome/eAFZOqBU52Y_68.0.3440.75/68.0.3440.75_chrome_installer.exe
https://redirector.gvt1.com/edgedl/release2/chrome/eAFZOqBU52Y_68.0.3440.75/68.0.3440.75_chrome_installer.exe
http://www.google.com/dl/release2/chrome/eAFZOqBU52Y_68.0.3440.75/68.0.3440.75_chrome_installer.exe
https://www.google.com/dl/release2/chrome/eAFZOqBU52Y_68.0.3440.75/68.0.3440.75_chrome_installer.exe
SHA1:6B14EF42DDC6D615DE3C1C6AA38429374E370A7C
SHA256:01FC9AB42A96C7B0C70AA4FDECDD5FC4FC693C040B1E0F50D671AEF2F66510B0
Google Chrome 官方带更新功能版 网盘: