当前位置：首页 > IT资讯 > 微软

Google Chrome v77.0.3865.75 正式版发布

时间：2019-09-11 来源：u小马访问：次

谷歌浏览器Google Chrome稳定版迎来v77首个版本发布，详细版本号为v77.0.3865.75，上一个正式版v76.0.3809.132发布于8月27日，时隔15天Google又发布了新版Chrome浏览器，本次升级主要是更新了安全修复和稳定性改进及用户体验。

谷歌浏览器v76正式版隐藏了浏览器地址栏中的http/https和www前缀标记，默认在所有网站上阻止Adobe Flash，用户可以重新启用Flash，但只能在单击到播放模式下使用Flash，同时还会出现一个警告，即Chrome在2020年12月之后将不支持Flash播放器。Adobe也将从2021年起停止支持Flash，所以这个更改是相当明智的。

谷歌浏览器v75正式版主要为桌面和网页开发者引入了几项新功能和软件增强。其中在“隐私和安全”设置中新增了用于管理安全密钥的选项，并支持Scroll Snap Stop来改进手势导航。

谷歌浏览器v74正式版增加了两个关键功能：对网页和操作系统级集成的减速支持浏览器将获得windows 10的原生黑暗模式。这比集成浏览器外壳更深入，如果从相应PC的windows操作系统中的应用程序样式中选择暗黑模式，浏览器现在将自动适应它。

Chrome稳定版已经更新到v77.0.3865.75

安全修复程序和奖励

更新包括52项安全修复

[$TBD][999311] Critical CVE-2019-5870: Use-after-free in media. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2019-08-29

[$7500][990570] High CVE-2019-5871: Heap overflow in Skia. Reported by Anonymous on 2019-08-03

[$3000][981492] High CVE-2019-5872: Use-after-free in Mojo. Reported by Zhe Jin（金哲），Luyao Liu(刘路遥) from Chengdu Security Response

Center of Qihoo 360 Technology Co. Ltd on 2019-07-05

[$3000][989497] High CVE-2019-5873: URL bar spoofing on iOS. Reported by Khalil Zhani on 2019-07-31

[$3000][989797] High CVE-2019-5874: External URIs may trigger other browsers. Reported by James Lee (@windowsrcer) on 2019-08-01

[$2000][979443] High CVE-2019-5875: URL bar spoof via download redirect. Reported by Khalil Zhani on 2019-06-28

[$TBD][997190] High CVE-2019-5876: Use-after-free in media. Reported by Man Yue Mo of Semmle Security Research Team on 2019-08-23

[$TBD][999310] High CVE-2019-5877: Out-of-bounds access in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2019-08-29

[$TBD][1000217] High CVE-2019-5878: Use-after-free in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2019-09-03

[$3000][986043] Medium CVE-2019-5879: Extension can bypass same origin policy. Reported by Jinseo Kim on 2019-07-20

[$2000][831725] Medium CVE-2019-5880: SameSite cookie bypass. Reported by Jun Kokatsu (@shhnjk) on 2018-04-11

[$2000][980816] Medium CVE-2019-5881: Arbitrary read in SwiftShader. Reported by Zhe Jin（金哲），Luyao Liu(刘路遥) from Chengdu Security Response

Center of Qihoo 360 Technology Co. Ltd on 2019-07-03

[$1000][868846] Medium CVE-2019-13659: URL spoof. Reported by Lnyas Zhang on 2018-07-30

[$1000][882363] Medium CVE-2019-13660: Full screen notification overlap. Reported by Wenxu Wu (@ma7h1as) of Tencent Security Xuanwu Lab on 2018-09-10

[$1000][882812] Medium CVE-2019-13661: Full screen notification spoof. Reported by Wenxu Wu (@ma7h1as) of Tencent Security Xuanwu Lab on 2018-09-11

[$1000][967780] Medium CVE-2019-13662: CSP bypass. Reported by David Erceg on 2019-05-28

[$500][863661] Medium CVE-2019-13663: IDN spoof. Reported by Lnyas Zhang on 2018-07-14

[$500][915538] Medium CVE-2019-13664: CSRF bypass. Reported by thomas "zemnmez" shadwell on 2018-12-16

[$500][959640] Medium CVE-2019-13665: Multiple file download protection bypass. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-05-05

[$500][960305] Medium CVE-2019-13666: Side channel using storage size estimate. Reported by Tom Van Goethem from imec-DistriNet, KU Leuven on 2019-05-07

[$500][973056] Medium CVE-2019-13667: URI bar spoof when using external app URIs. Reported by Khalil Zhani on 2019-06-11

[$500][986393] Medium CVE-2019-13668: Global window leak via console. Reported by David Erceg on 2019-07-22

[$N/A][968451] Medium CVE-2019-13669: HTTP authentication spoof. Reported by Khalil Zhani on 2019-05-30

[$N/A][980891] Medium CVE-2019-13670: V8 memory corruption in regex. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2019-07-03

[$TBD][696454] Medium CVE-2019-13671: Dialog box fails to show origin. Reported by xisigr of Tencent's Xuanwu Lab on 2017-02-27

[$TBD][997925] Medium CVE-2019-13673: Cross-origin information leak using devtools. Reported by David Erceg on 2019-08-26

[$500][896533] Low CVE-2019-13674: IDN spoofing. Reported by Khalil Zhani on 2018-10-18

[$500][929578] Low CVE-2019-13675: Extensions can be disabled by trailing slash. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-02-07

[$TBD][875178] Low CVE-2019-13676: Google URI shown for certificate warning. Reported by Wenxu Wu (@ma7h1as) of Tencent Security Xuanwu Lab on 2018-08-17

[$TBD][939108] Low CVE-2019-13677: Chrome web store origin needs to be isolated. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-03-06

[$TBD][946633] Low CVE-2019-13678: Download dialog spoofing. Reported by Ronni Skansing on 2019-03-27

[$TBD][968914] Low CVE-2019-13679: User gesture needed for printing. Reported by Conrad Irwin, Superhuman on 2019-05-31

[$TBD][969684] Low CVE-2019-13680: IP address spoofing to servers. Reported by Thijs Alkemade from Computest on 2019-06-03

[$TBD][970378] Low CVE-2019-13681: Bypass on download restrictions. Reported by David Erceg on 2019-06-04

[$TBD][971917] Low CVE-2019-13682: Site isolation bypass. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-06-07

[$TBD][987502] Low CVE-2019-13683: Exceptions leaked by devtools. Reported by David Erceg on 2019-07-25

[1002279] Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 稳定版离线安装包官方本地下载地址：

Google Chrome v77.0.3865.75 无更新功能版 64位

SHA1：494E20012995ADC644127F8A827ABB986C7A522D

SHA256：6338AD7003F55DEA18EAE8F31E04F0346189FCA3104DF6A0C7199DADF862BE32

http://dl.google.com/release2/chrome/DwRvDRtUAD LGWiTxTGOE6A_77.0.3865.75/77.0.3865.75_chrome_installer.exe