谷歌浏览器v78正式版引入了内置的密码检查工具,目的是如果在用户登录期间发现异常就会发出提醒,允许用户在新标签页中添加壁纸,以及安装来自于Chrome Web Store上的主题。
谷歌浏览器v77正式版在视觉上进行了较大的调整,引入全局媒体控件和新的配色主题,新的Favicon加载动画,保护用户的安全改进,以及全新的欢迎体验,试图使整个启动过程更加有效。
谷歌浏览器v76正式版隐藏了浏览器地址栏中的http/https和www前缀标记,默认在所有网站上阻止Adobe Flash,用户可以重新启用Flash,但只能在单击到播放模式下使用Flash,同时还会出现一个警告,即Chrome在2020年12月之后将不支持Flash播放器。Adobe也将从2021年起停止支持Flash,所以这个更改是相当明智的。
官方更新日志
Chrome稳定版已经更新到v78.0.3904.70
安全修复程序和奖励
更新包括37项安全修复
[$20000][1001503] High CVE-2019-13699: Use-after-free in media. Reported by Man Yue Mo of Semmle Security Research Team on 2019-09-06
[$15000][998431] High CVE-2019-13700: Buffer overrun in Blink. Reported by Man Yue Mo of Semmle Security Research Team on 2019-08-28
[$1000][998284] High CVE-2019-13701: URL spoof in navigation. Reported by David Erceg on 2019-08-27
[$5000][991125] Medium CVE-2019-13702: Privilege elevation in Installer. Reported by Phillip Langlois (phillip.langlois@nccgroup.com) and Edward Torkington (edward.torkington@nccgroup.com), NCC Group on 2019-08-06
[$3000][992838] Medium CVE-2019-13703: URL bar spoofing. Reported by Khalil Zhani on 2019-08-12
[$3000][1001283] Medium CVE-2019-13704: CSP bypass. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-09-05
[$2000][989078] Medium CVE-2019-13705: Extension permission bypass. Reported by Luan Herrera (@lbherrera_) on 2019-07-30
[$2000][1001159] Medium CVE-2019-13706: Out-of-bounds read in PDFium. Reported by pdknsk on 2019-09-05
[$1000][859349] Medium CVE-2019-13707: File storage disclosure. Reported by Andrea Palazzo on 2018-07-01
[$1000][931894] Medium CVE-2019-13708: HTTP authentication spoof. Reported by Khalil Zhani on 2019-02-13
[$1000][1005218] Medium CVE-2019-13709: File download protection bypass. Reported by Zhong Zhaochen of andsecurity.cn on 2019-09-18
[$500][756825] Medium CVE-2019-13710: File download protection bypass. Reported by bernardo.mrod on 2017-08-18
[$500][986063] Medium CVE-2019-13711: Cross-context information leak. Reported by David Erceg on 2019-07-20
[$500][1004341] Medium CVE-2019-15903: Buffer overflow in expat. Reported by Sebastian Pipping on 2019-09-16
[$N/A][993288] Medium CVE-2019-13713: Cross-origin data leak. Reported by David Erceg on 2019-08-13
[$2000][982812] Low CVE-2019-13714: CSS injection. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-07-10
[$500][760855] Low CVE-2019-13715: Address bar spoofing. Reported by xisigr of Tencent's Xuanwu Lab on 2017-08-31
[$500][1005948] Low CVE-2019-13716: Service worker state error. Reported by Barron Hagerman on 2019-09-19
[$N/A][839239] Low CVE-2019-13717: Notification obscured. Reported by xisigr of Tencent's Xuanwu Lab on 2018-05-03
[$N/A][866162] Low CVE-2019-13718: IDN spoof. Reported by Khalil Zhani on 2018-07-20
[$N/A][927150] Low CVE-2019-13719: Notification obscured. Reported by Khalil Zhani on 2019-01-31
[1016016] Various fixes from internal audits, fuzzing and other initiatives