Google Chrome v88.0.4324.96 正式版

N软 2021-01-2023:27:45来源: N软网 167 300,779

Google Chrome v88.0.4324.96 正式版的照片

谷歌浏览器Google Chrome正式版迎来v88首个版本发布，详细版本号为v88.0.4324.96，上一个正式版v87.0.4280.141发布于1月7日，时隔13天Google又发布了新版Chrome浏览器，本次升级主要是更新了安全修复和稳定性改进及用户体验。

新版变化

Chrome v88.0.4324.96 正式版（2021.1.7）
blog.chromium.org
blog.google/products/chrome
googlechromereleases.blogspot.com

谷歌浏览器v88正式版主要更新，改进深色主题支持，优化深色模式，覆盖设置、书签、历史、新标签页等更多内部页面的滚动条。停止对FTP的支持，无法使用Chrome作为FTP客户端，不再支持ftp://开头的地址。停止对Mac OS Yosemite的支持，结束对旧版浏览器附加组件的支持，减少请求许可干扰，优化适用于Chrome OS的浅色和深色模式。

谷歌浏览器v87正式版主要更新，由于进行了许多底层改进，更快地启动、更快地加载，更多方式提升续航，代表了多年来Chrome性能的最大提高。活动标签页优先处理将CPU使用率降低5倍，并将电池寿命延长1.25小时。Chrome启动速度快25%，页面加载速度提高了7％，并且所有这些操作都比以前使用更少的电量和内存。

谷歌浏览器v86正式版主要更新，首先，本机文件系统API允许用户向Web应用赋予对指定文件/文件夹的读写访问权限，以带来更轻松、友好的使用体验。对于图像/视频/代码编辑、以及办公套件等使用场景来说，Chrome 86都将变得更加实用。其次，Chrome 86引入了后退缓存，用于用户在先前访问的页面上实现即时导航。

安全修复和奖励

Chrome v88.0.4324.96，此更新包括36个安全修复程序。
[$30000][1137179] Critical CVE-2021-21117: Insufficient policy enforcement in Cryptohome. Reported by Rory McNamara on 2020-10-10
[$16000][1161357] High CVE-2021-21118: Insufficient data validation in V8. Reported by Tyler Nighswander (@tylerni7) of Theori on 2020-12-23
[$5000][1160534] High CVE-2021-21119: Use after free in Media. Reported by Anonymous on 2020-12-20
[$5000][1160602] High CVE-2021-21120: Use after free in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2020-12-21
[$5000][1161143] High CVE-2021-21121: Use after free in Omnibox. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2020-12-22
[$5000][1162131] High CVE-2021-21122: Use after free in Blink. Reported by Renata Hodovan on 2020-12-28
[$1000][1137247] High CVE-2021-21123: Insufficient data validation in File System API. Reported by Maciej Pulikowski on 2020-10-11
[$N/A][1131346] High CVE-2021-21124: Potential user after free in Speech Recognizer. Reported by Chaoyang Ding(@V4kst1z) from Codesafe Team of Legendsec at Qi'anxin Group on 2020-09-23
[$N/A][1152327] High CVE-2021-21125: Insufficient policy enforcement in File System API. Reported by Ron Masas (Imperva) on 2020-11-24
[$N/A][1163228] High CVE-2020-16044: Use after free in WebRTC. Reported by Ned Williamson of Project Zero on 2021-01-05
[$3000][1108126] Medium CVE-2021-21126: Insufficient policy enforcement in extensions. Reported by David Erceg on 2020-07-22
[$3000][1115590] Medium CVE-2021-21127: Insufficient policy enforcement in extensions. Reported by Jasminder Pal Singh, Web Services Point WSP, Kotkapura on 2020-08-12
[$2000][1138877] Medium CVE-2021-21128: Heap buffer overflow in Blink. Reported by Liang Dong on 2020-10-15
[$1000][1140403] Medium CVE-2021-21129: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski on 2020-10-20
[$1000][1140410] Medium CVE-2021-21130: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski on 2020-10-20
[$1000][1140417] Medium CVE-2021-21131: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski on 2020-10-20
[$TBD][1128206] Medium CVE-2021-21132: Inappropriate implementation in DevTools. Reported by David Erceg on 2020-09-15
[$TBD][1157743] Medium CVE-2021-21133: Insufficient policy enforcement in Downloads. Reported by wester0x01(twitter.com/wester0x01) on 2020-12-11
[$TBD][1157800] Medium CVE-2021-21134: Incorrect security UI in Page Info. Reported by wester0x01(twitter.com/wester0x01) on 2020-12-11
[$TBD][1157818] Medium CVE-2021-21135: Inappropriate implementation in Performance API. Reported by ndevtk on 2020-12-11
[$2000][1038002] Low CVE-2021-21136: Insufficient policy enforcement in WebView. Reported by Shiv Sahni, Movnavinothan V and Imdad Mohammed on 2019-12-27
[$500][1093791] Low CVE-2021-21137: Inappropriate implementation in DevTools. Reported by bobblybear on 2020-06-11
[$500][1122487] Low CVE-2021-21138: Use after free in DevTools. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2020-08-27
[$N/A][937131] Low CVE-2021-21139: Inappropriate implementation in iframe sandbox. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-03-01
[$N/A][1136327] Low CVE-2021-21140: Uninitialized Use in USB. Reported by David Manouchehri on 2020-10-08
[$N/A][1140435] Low CVE-2021-21141: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski on 2020-10-20
[1168217] Various fixes from internal audits, fuzzing and other initiatives