Chrome49稳定版更新，给您更好的浏览器

yangwang星空

Chrome 49 稳定版更新，给您更好的浏览器
oschina    4天前
Chrome 49 稳定版更新了，该版本包含大量的 bug 修复和改进，完整列表请看 log 。



安全方面的问题：


Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.


该版本包含 26 security fixes. 下面是一些值得关注的列表，可以浏览 Chromium security page 获取更多信息。


[$8000][560011] High CVE-2016-1630: Same-origin bypass in Blink. Credit to Mariusz Mlynski.

[$7500][569496] High CVE-2016-1631: Same-origin bypass in Pepper Plugin. Credit to Mariusz Mlynski.

[$5000][549986] High CVE-2016-1632: Bad cast in Extensions. Credit to anonymous.

[$3000][572537] High CVE-2016-1633: Use-after-free in Blink. Credit to cloudfuzzer.

[$3000][559292] High CVE-2016-1634: Use-after-free in Blink. Credit to cloudfuzzer.

[$2000][585268] High CVE-2016-1635: Use-after-free in Blink. Credit to Rob Wu.

[$2000][584155] High CVE-2016-1636: SRI Validation Bypass. Credit to ryan@cyph.com.

[$500][560291] High CVE-2015-8126: Out-of-bounds access in libpng. Credit to joerg.bornemann.

[$2000][555544] Medium CVE-2016-1637: Information Leak in Skia. Credit to Keve Nagy.

[$1000][585282] Medium CVE-2016-1638: WebAPI Bypass. Credit to Rob Wu.

[$1000][572224] Medium CVE-2016-1639: Use-after-free in WebRTC. Credit to Khalil Zhani.

[$1000][550047] Medium CVE-2016-1640: Origin confusion in Extensions UI. Credit to Luan Herrera.

[$500][583718] Medium CVE-2016-1641: Use-after-free in Favicon. Credit to Atte Kettunen of OUSPG.


我们非常感谢所有安全研究人员的辛勤工作。我们将会提供额外的 14500 美金作为奖励。


内部安全工作：

[591402] CVE-2016-1642: Various fixes from internal audits, fuzzing and other initiatives.

Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.26).


安全方面的 bug 我们是通过使用这些工具来检测的： AddressSanitizer, MemorySanitizer or Control Flow Integrity.



详情请看： http://googlechromereleases.blog ... channel-update.html

更多关于: Chrome 的详细信息

相关资讯
Chrome 开发版已经到 50.x 了！
Chrome 稳定版更新至 48.0.2564.109 版本
Chrome OS Beta 更新至 49.0.2623.39
NayuOS —— Chrome OS 的自由软件替代
Chrome OS和Chrome浏览器将采用材料设计规范
Google Chrome 47.0.2526.106 发布
Google Chrome 终于支持 CSS Variables 了
Chrome OS 与 Android 的生死爱欲
Betwixt：基于 Chrome DevTools 的 Web 调试代理
Chrome 扩展存在严重隐私问题