Google Chrome 61 正式版发布 加入更多开发者 API

­　　Chrome 61 正式版今天发布，并增加了很多开发者相关的功能。在 Mac、Windows 和 Linux 系统中，Chrome 61 开始支持 WebUSB API，以及 PaymentRequest API。高级网络平台 API 支持大多数硬件外设，如键盘、鼠标、打印机和游戏手柄。为了使用教育、科学或工业等专用 USB 外设，用户必须使用系统级权限查找和安装可能不安全的驱动程序和软件。

­　　Chrome现在支持 WebUSB API，在用户同意的情况下允许网络应用与外设通信。这可实现上述设备提供的所有功能，同时仍可保证网络的安全。

­　　PaymentRequest API 可以提供安全、无缝的跨平台结账体验。在 Chrome 61 中，浏览器还支持网络信息 API，这意味着网站可以访问设备信息，比如设备内存 API 可以检测内存占有，以优化网页应用。

­　　在 Android 版 Chrome 61 中，新增加了全新的 Web Share API 网络分享功能，浏览器可以激活 Android 原生分享功能。

­　　Chrome 61.0.3163.79 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 61.

­　　Security Fixes and Rewards

­　　Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.

­　　This update includes 22 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

­　　[$5000][737023] High CVE-2017-5111: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-06-27

­　　[$5000][740603] High CVE-2017-5112: Heap buffer overflow in WebGL. Reported by Tobias Klein (www.trapkit.de) on 2017-07-10

­　　[$5000][747043] High CVE-2017-5113: Heap buffer overflow in Skia. Reported by Anonymous on 2017-07-20

­　　[$3500][752829] High CVE-2017-5114: Memory lifecycle issue in PDFium. Reported by Ke Liu of Tencent's Xuanwu LAB on 2017-08-07

­　　[$3000][744584] High CVE-2017-5115: Type confusion in V8. Reported by Marco Giovannini on 2017-07-17

­　　[$TBD][759624] High CVE-2017-5116: Type confusion in V8. Reported by Anonymous on 2017-08-28

­　　[$1000][739190] Medium CVE-2017-5117: Use of uninitialized value in Skia. Reported by Tobias Klein (www.trapkit.de) on 2017-07-04

­　　[$1000][747847] Medium CVE-2017-5118: Bypass of Content Security Policy in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-07-24

­　　[$N/A][725127] Medium CVE-2017-5119: Use of uninitialized value in Skia. Reported by Anonymous on 2017-05-22

­　　[$N/A][718676] Low CVE-2017-5120: Potential HTTPS downgrade during redirect navigation. Reported by Xiaoyin Liu (@general_nfs) on 2017-05-05

­　　We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

­　　As usual, our ongoing internal security work was responsible for a wide range of fixes:

­　　[762099] Various fixes from internal audits, fuzzing and other initiatives

­　　Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

­　　下载地址:

­　　https://www.google.com/chrome/