谷歌浏览器Google Chrome正式版迎来v92首个版本发布,详细版本号为v92.0.4515.107,上一个正式版v91.0.4472.164发布于7月16日,时隔5天Google又发布了新版Chrome浏览器,本次升级主要是更新了安全修复和稳定性改进及用户体验。
新版变化
Chrome v92.0.4515.107 正式版(2021-07-21)
谷歌浏览器v91正式版主要更新,得益于全新的Sparkplug编译器和short builtins调用机制,浏览器速度最高有23%的提,全新的Sparkplug编译器被设计用于执行和优化JavaScript代码之间的空白,以获得最大的性能。此外,Google还在使用“内置调用”来优化浏览器使用生成代码的过程,以减少调用函数时的跳转。支持桌面应用程序对剪贴板进行只读访问,该功能将允许用户使用剪贴板键盘快捷键,如Ctrl+C和Ctrl+V,将文件附加到电子邮件中,而不是仅仅依靠拖放方法。
谷歌浏览器v90正式版主要更新,引入了许多以用户为中心的功能改进,辅以安全性方面的进一步提升。默认向目标网站链接均启用SSL安全传输协议(HTTPS),全新AV1开源视频编码器的技术支持,高清视频占用大幅减小。新增窗口重命名功能,可重命名已打开的多个窗口,可记住窗口的配置,遇到崩溃重启会自动恢复状态。还有WebXR深度API、启用了URL协议设置程序、效果叠加层、以及安全性方面的诸多改进,比如为了防范缓解NAT Slipstream 2.0攻击,而屏蔽封锁了通过554端口的HTTP/HTTPS/FTP服务器访问。
谷歌浏览器v89正式版主要更新,修复了一个零日漏洞,建议用户尽快更新。优化了对WebHID、WebNFC和Web Serial等适用于HID设备API的支持,此外NFC和串行设备也被认为可以投入生产使用。还初步为WebRTC添加了对AV1编码的支持。此外桌面端还带来了Web Share和Web Share Target支持以及其他增强功能。
安全修复和奖励
googlechromereleases.blogspot.com
Chrome v92.0.4515.107,此更新包括35个安全修复程序。
[$15000][1210985] High CVE-2021-30565: Out of bounds write in Tab Groups. Reported by David Erceg on 2021-05-19
[$10000][1202661] High CVE-2021-30566: Stack buffer overflow in Printing. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-04-26
[$10000][1211326] High CVE-2021-30567: Use after free in DevTools. Reported by DDV_UA on 2021-05-20
[$8500][1219886] High CVE-2021-30568: Heap buffer overflow in WebGL. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-06-15
[$500][1218707] High CVE-2021-30569: Use after free in sqlite. Reported by Chris Salls (@salls) of Makai Security on 2021-06-11
[$TBD][1101897] High CVE-2021-30571: Insufficient policy enforcement in DevTools. Reported by David Erceg on 2020-07-03
[$TBD][1214234] High CVE-2021-30572: Use after free in Autofill. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi’anxin Group on 2021-05-28
[$TBD][1216822] High CVE-2021-30573: Use after free in GPU. Reported by Security For Everyone Team – securityforeveryone.com on 2021-06-06
[$TBD][1227315] High CVE-2021-30574: Use after free in protocol handling. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-08
[$15000][1213313] Medium CVE-2021-30575: Out of bounds read in Autofill. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-05-26
[$10000][1194896] Medium CVE-2021-30576: Use after free in DevTools. Reported by David Erceg on 2021-04-01
[$10000][1204811] Medium CVE-2021-30577: Insufficient policy enforcement in Installer. Reported by Jan van der Put (REQON B.V) on 2021-05-01
[$7500][1201074] Medium CVE-2021-30578: Uninitialized Use in Media. Reported by Chaoyuan Peng on 2021-04-21
[$7500][1207277] Medium CVE-2021-30579: Use after free in UI framework. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi’anxin Group on 2021-05-10
[$5000][1189092] Medium CVE-2021-30580: Insufficient policy enforcement in Android intents. Reported by @retsew0x01 on 2021-03-17
[$5000][1194431] Medium CVE-2021-30581: Use after free in DevTools. Reported by David Erceg on 2021-03-31
[$5000][1205981] Medium CVE-2021-30582: Inappropriate implementation in Animation. Reported by George Liu on 2021-05-05
[$3000][1179290] Medium CVE-2021-30583: Insufficient policy enforcement in image handling on Windows. Reported by Muneaki Nishimura (nishimunea) on 2021-02-17
[$3000][1213350] Medium CVE-2021-30584: Incorrect security UI in Downloads. Reported by @retsew0x01 on 2021-05-26
[$N/A][1023503] Medium CVE-2021-30585: Use after free in sensor handling. Reported by niarci on 2019-11-11
[$TBD][1201032] Medium CVE-2021-30586: Use after free in dialog box handling on Windows. Reported by kkomdal with kkwon and neodal on 2021-04-21
[$N/A][1204347] Medium CVE-2021-30587: Inappropriate implementation in Compositing on Windows. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-04-30
[$5000][1195650] Low CVE-2021-30588: Type Confusion in V8. Reported by Jose Martinez (tr0y4) from VerSprite Inc. on 2021-04-04
[$3000][1180510] Low CVE-2021-30589: Insufficient validation of untrusted input in Sharing. Reported by Kirtikumar Anandrao Ramchandani (@Kirtikumar_A_R) and Patrick Walker (@homesen) on 2021-02-20
[1231294] Various fixes from internal audits, fuzzing and other initiatives
下载地址
离线安装包“无更新组件”版提取原生绿色版方法:
鼠标右键解压离线安装包,此时会解压出来一个chrome.7z
再对chrome.7z解压就是原生绿色版啦!
离线安装包“无更新组件”版不含在线更新升级功能,所以不会添加更新计划任务,也没有后台更新进程,更干净。
Google Chrome v92.0.4515.107 官方正式版 离线安装包(无更新组件)64位
https://dl.google.com/release2/chrome/acqkdyz3x6ktjenzze3rojk4hs5a_92.0.4515.107/92.0.4515.107_chrome_installer.exe
https://www.google.com/dl/release2/chrome/acqkdyz3x6ktjenzze3rojk4hs5a_92.0.4515.107/92.0.4515.107_chrome_installer.exe
https://redirector.gvt1.com/edgedl/release2/chrome/acqkdyz3x6ktjenzze3rojk4hs5a_92.0.4515.107/92.0.4515.107_chrome_installer.exe
Google Chrome v92.0.4515.107 官方正式版 离线安装包(无更新组件)32位
https://dl.google.com/release2/chrome/aqsagtk45xwf5gi6a6jhxpyzta_92.0.4515.107/92.0.4515.107_chrome_installer.exe
https://www.google.com/dl/release2/chrome/aqsagtk45xwf5gi6a6jhxpyzta_92.0.4515.107/92.0.4515.107_chrome_installer.exe
https://redirector.gvt1.com/edgedl/release2/chrome/aqsagtk45xwf5gi6a6jhxpyzta_92.0.4515.107/92.0.4515.107_chrome_installer.exe
Google Chrome v92.0.4515.107 官方正式版 离线安装包(含更新组件)64位
https://dl.google.com/edgedl/chrome/install/GoogleChromeStandaloneEnterprise64.msi
Google Chrome v92.0.4515.107 官方正式版 离线安装包(含更新组件)32位
https://dl.google.com/edgedl/chrome/install/GoogleChromeStandaloneEnterprise.msi
Google Chrome 官方正式版 离线安装包(含更新组件)新版及历史版本
https://lanzoui.com/b138066
https://pan.baidu.com/s/1Q5FptUnS0BjGMk5erwOhyw 提取码:36oz
原创文章,作者:奋斗,如若转载,请注明出处:https://blog.ytso.com/31268.html