Google Chrome 61 正式版發布 加入更多開發者 API

­　　Chrome 61 正式版今天發布，并增加了很多開發者相關的功能。在 Mac、Windows 和 Linux 系統中，Chrome 61 開始支持 WebUSB API，以及 PaymentRequest API。高級網絡平臺 API 支持大多數硬件外設，如鍵盤、鼠標、打印機和游戲手柄。為了使用教育、科學或工業等專用 USB 外設，用戶必須使用系統級權限查找和安裝可能不安全的驅動程序和軟件。

­　　Chrome現在支持 WebUSB API，在用戶同意的情況下允許網絡應用與外設通信。這可實現上述設備提供的所有功能，同時仍可保證網絡的安全。

­　　PaymentRequest API 可以提供安全、無縫的跨平臺結賬體驗。在 Chrome 61 中，瀏覽器還支持網絡信息 API，這意味著網站可以訪問設備信息，比如設備內存 API 可以檢測內存占有，以優化網頁應用。

­　　在 Android 版 Chrome 61 中，新增加了全新的 Web Share API 網絡分享功能，瀏覽器可以激活 Android 原生分享功能。

­　　Chrome 61.0.3163.79 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 61.

­　　Security Fixes and Rewards

­　　Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

­　　This update includes 22 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

­　　[$5000][737023] High CVE-2017-5111: Use after free in PDFium. Reported by Lu?t Nguy?n (@l4wio) of KeenLab, Tencent on 2017-06-27

­　　[$5000][740603] High CVE-2017-5112: Heap buffer overflow in WebGL. Reported by Tobias Klein (www.trapkit.de) on 2017-07-10

­　　[$5000][747043] High CVE-2017-5113: Heap buffer overflow in Skia. Reported by Anonymous on 2017-07-20

­　　[$3500][752829] High CVE-2017-5114: Memory lifecycle issue in PDFium. Reported by Ke Liu of Tencent's Xuanwu LAB on 2017-08-07

­　　[$3000][744584] High CVE-2017-5115: Type confusion in V8. Reported by Marco Giovannini on 2017-07-17

­　　[$TBD][759624] High CVE-2017-5116: Type confusion in V8. Reported by Anonymous on 2017-08-28

­　　[$1000][739190] Medium CVE-2017-5117: Use of uninitialized value in Skia. Reported by Tobias Klein (www.trapkit.de) on 2017-07-04

­　　[$1000][747847] Medium CVE-2017-5118: Bypass of Content Security Policy in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-07-24

­　　[$N/A][725127] Medium CVE-2017-5119: Use of uninitialized value in Skia. Reported by Anonymous on 2017-05-22

­　　[$N/A][718676] Low CVE-2017-5120: Potential HTTPS downgrade during redirect navigation. Reported by Xiaoyin Liu (@general_nfs) on 2017-05-05

­　　We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

­　　As usual, our ongoing internal security work was responsible for a wide range of fixes:

­　　[762099] Various fixes from internal audits, fuzzing and other initiatives

­　　Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

­　　下載地址:

­　　https://www.google.com/chrome/