Chrome稳定版已经更新到v69.0.3497.81
安全修复程序和奖励
更新包括40项安全修复
[$5000][867776] High CVE-2018-16065: Out of bounds write in V8. Reported by Brendon Tiszka on 2018-07-26
[$3000][847570] High CVE-2018-16066😮ut of bounds read in Blink. Reported by cloudfuzzer on 2018-05-29
[$500][860522] High CVE-2018-16067: Out of bounds read in WebAudio. Reported by Zhe Jin(金哲),Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-07-05
[N/A][877182] High CVE-2018-16068: Out of bounds write in Mojo. Reported by Mark Brand of Google Project Zero on 2018-08-23
[N/A][848238] High CVE-2018-16069😮ut of bounds read in SwiftShader. Reported by Mark Brand of Google Project Zero on 2018-05-31
[N/A][848716] High CVE-2018-16070: Integer overflow in Skia. Reported by Ivan Fratric of Google Project Zero on 2018-06-01
[N/A][855211] High CVE-2018-16071: Use after free in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-06-21
[$4000][864283] Medium CVE-2018-16072: Cross origin pixel leak in Chrome's interaction with Android's MediaPlayer. Reported by Jun Kokatsu (@shhnjk) on 2018-07-17
[$3000][863069] Medium CVE-2018-16073: Site Isolation bypass after tab restore. Reported by Jun Kokatsu (@shhnjk) on 2018-07-12
[$3000][863623] Medium CVE-2018-16074: Site Isolation bypass using Blob URLS. Reported by Jun Kokatsu (@shhnjk) on 2018-07-13
[$2500][864932] Medium: Out of bounds read in Little-CMS. Reported by Quang Nguyễn (@quangnh89) of Viettel Cyber Security on 2018-07-18
[$2000][788936] Medium CVE-2018-16075: Local file access in Blink. Reported by Pepe Vila (@cgvwzq) on 2017-11-27
[$2000][867501] Medium CVE-2018-16076: Out of bounds read in PDFium. Reported by Aleksandar Nikolic of Cisco Talos on 2018-07-25
[$1000][377995] Medium CVE-2018-16077: Content security policy bypass in Blink. Reported by Manuel Caballero on 2014-05-27
[$1000][858820] Medium CVE-2018-16078: Credit card information leak in Autofill. Reported by Cailan Sacks on 2018-06-28
[$500][723503] Medium CVE-2018-16079: URL spoof in permission dialogs. Reported by Markus Vervier and Michele Orrù (antisnatchor) on 2017-05-17
[$500][858929] Medium CVE-2018-16080: URL spoof in full screen mode. Reported by Khalil Zhani on 2018-06-29
[N/A][666299] Medium CVE-2018-16081: Local file access in DevTools. Reported by Jann Horn of Google Project Zero on 2016-11-17
[N/A][851398] Medium CVE-2018-16082: Stack buffer overflow in SwiftShader. Reported by Omair on 2018-06-11
[N/A][856823] Medium CVE-2018-16083: Out of bounds read in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-06-26
[$1000][865202] Low CVE-2018-16084: User confirmation bypass in external protocol handling. Reported by Jun Kokatsu (@shhnjk) on 2018-07-18
[N/A][856578] Low CVE-2018-16085: Use after free in Memory Instrumentation. Reported by Roman Kuksin of Yandex on 2018-06-26
[880418] Various fixes from internal audits, fuzzing and other initiatives
http://googlechromereleases.blogspot.com
