谷歌浏览器发布 v91.0.4472.77 正式版更新,这是 v91 首个版本更新,新版本主要进行了安全修复和稳定性改进及用户体验,一起来了解一下。
谷歌浏览器v91正式版主要更新,支持桌面应用程序对剪贴板进行只读访问,该功能将允许用户使用剪贴板键盘快捷键,如Ctrl+C和Ctrl+V,将文件附加到电子邮件中,而不是仅仅依靠拖放方法。默认启用WebTransport和WebAssembly SIMD这两项实验性功能。前者是一套全新的协议框架/标准,适合与远程服务器展开安全的多路传输通信。后者则是WebSockets的一个替代方案,并提供了类似UDP的数据报双向通信API。
谷歌浏览器v90正式版主要更新,引入了许多以用户为中心的功能改进,辅以安全性方面的进一步提升。默认向目标网站链接均启用SSL安全传输协议(HTTPS),全新AV1开源视频编码器的技术支持,高清视频占用大幅减小。新增窗口重命名功能,可重命名已打开的多个窗口,可记住窗口的配置,遇到崩溃重启会自动恢复状态。还有WebXR深度API、启用了URL协议设置程序、效果叠加层、以及安全性方面的诸多改进,比如为了防范缓解NAT Slipstream 2.0攻击,而屏蔽封锁了通过554端口的HTTP/HTTPS/FTP服务器访问。
谷歌浏览器v89正式版主要更新,修复了一个零日漏洞,建议用户尽快更新。优化了对WebHID、WebNFC和Web Serial等适用于HID设备API的支持,此外NFC和串行设备也被认为可以投入生产使用。还初步为WebRTC添加了对AV1编码的支持。此外桌面端还带来了Web Share和Web Share Target支持以及其他增强功能。
安全修复和奖励
googlechromereleases.blogspot.com
Chrome v91.0.4472.77,此更新包括32个安全修复程序。
[$20000][1208721] High CVE-2021-30521: Heap buffer overflow in Autofill. Reported by ZhanJia Song on 2021-05-13
[$7500][1176218] High CVE-2021-30522: Use after free in WebAudio. Reported by Piotr Bania of Cisco Talos on 2021-02-09
[$7500][1187797] High CVE-2021-30523: Use after free in WebRTC. Reported by Tolyan Korniltsev on 2021-03-13
[$TBD][1197146] High CVE-2021-30524: Use after free in TabStrip. Reported by David Erceg on 2021-04-08
[$TBD][1197888] High CVE-2021-30525: Use after free in TabGroups. Reported by David Erceg on 2021-04-11
[$TBD][1198717] High CVE-2021-30526: Out of bounds write in TabStrip. Reported by David Erceg on 2021-04-13
[$TBD][1199198] High CVE-2021-30527: Use after free in WebUI. Reported by David Erceg on 2021-04-15
[$NA][1206329] High CVE-2021-30528: Use after free in WebAuthentication. Reported by Man Yue Mo of GitHub Security Lab on 2021-05-06
[$7500][1195278] Medium CVE-2021-30529: Use after free in Bookmarks. Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-04-02
[$7500][1201033] Medium CVE-2021-30530: Out of bounds memory access in WebAudio. Reported by kkwon on 2021-04-21
[$5000][1115628] Medium CVE-2021-30531: Insufficient policy enforcement in Content Security Policy. Reported by Philip Papurt on 2020-08-12
[$5000][1117687] Medium CVE-2021-30532: Insufficient policy enforcement in Content Security Policy. Reported by Philip Papurt on 2020-08-18
[$5000][1145553] Medium CVE-2021-30533: Insufficient policy enforcement in PopupBlocker. Reported by Eliya Stein on 2020-11-04
[$3000][1151507] Medium CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox. Reported by Alesandro Ortiz on 2020-11-20
[$1000][1194899] Medium CVE-2021-30535: Double free in ICU. Reported by nocma, leogan, cheneyxu of WeChat Open Platform Security Team on 2021-04-01
[$500][1145024] Medium CVE-2021-21212: Insufficient data validation in networking. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong on 2020-11-03
[$15000][1194358] Low CVE-2021-30536: Out of bounds read in V8. Reported by Chris Salls (@salls) on 2021-03-31
[$3000][830101] Low CVE-2021-30537: Insufficient policy enforcement in cookies. Reported by Jun Kokatsu (@shhnjk) on 2018-04-06
[$3000][1115045] Low CVE-2021-30538: Insufficient policy enforcement in content security policy. Reported by Tianze Ding (@D1iv3) of Tencent Security Xuanwu Lab on 2020-08-11
[$1000][971231] Low CVE-2021-30539: Insufficient policy enforcement in content security policy. Reported by unnamed researcher on 2019-06-05
[$500][1184147] Low CVE-2021-30540: Incorrect security UI in payments. Reported by @retsew0x01 on 2021-03-03
[1213064] Various fixes from internal audits, fuzzing and other initiatives
想了解更多谷歌浏览器精彩资讯,敬请关注华军下载。