谷歌浏览器Chrome Stable稳定版迎来v53正式版首版发布,详细版本号为v53.0.2785.89,上一个正式版发布于8月4日星期四,时隔28天Google又发布了新版Chrome,本次惯例更新了33项重要安全修复及稳定性改进。 Chrome53.0.2785.89更新内容: 稳定版已经更新到 53.0.2785.89 安全修复程序和奖励 本次更新包括33项安全修复 [$7500][628942] High CVE-2016-5147: Universal XSS in Blink. Credit to anonymous [$7500][621362] High CVE-2016-5148: Universal XSS in Blink. Credit to anonymous [$7500][573131] High CVE-2016-5149: Script injection in extensions. Credit to Max Justicz (http://web.mit.edu/maxj/www/) [$5000][637963] High CVE-2016-5150: Use after free in Blink. Credit to anonymous [$5000][634716] High CVE-2016-5151: Use after free in PDFium. Credit to anonymous [$5000][629919] High CVE-2016-5152: Heap overflow in PDFium. Credit to GiWan Go of StealIEn [$3500][631052] High CVE-2016-5153: Use after destruction in Blink. Credit to Atte Kettunen of OUSPG [$3000][633002] High CVE-2016-5154: Heap overflow in PDFium. Credit to anonymous [$3000][630662] High CVE-2016-5155: Address bar spoofing. Credit to anonymous [$3000][625404] High CVE-2016-5156: Use after free in event bindings. Credit to jinmo123 [$TBD][632622] High CVE-2016-5157: Heap overflow in PDFium. Credit to anonymous [$TBD][628890] High CVE-2016-5158: Heap overflow in PDFium. Credit to GiWan Go of StealIEn [$TBD][628304] High CVE-2016-5159: Heap overflow in PDFium. Credit to GiWan Go of StealIEn [$n/a][622420] Medium CVE-2016-5161: Type confusion in Blink. Credit to 62600BCA031B9EB5CB4A74ADDDD6771E working with Trend Micro's Zero Day Initiative [$n/a][589237] Medium CVE-2016-5162: Extensions web accessible resources bypass. Credit to Nicolas Golubovic [$3000][609680] Medium CVE-2016-5163: Address bar spoofing. Credit to Rafay Baloch PTCL Etisalat (http://rafayhackingarticles.net) [$2000][637594] Medium CVE-2016-5164: Universal XSS using DevTools. Credit to anonymous [$1000][618037] Medium CVE-2016-5165: Script injection in DevTools. Credit to Gregory Panakkal [$TBD][616429] Medium CVE-2016-5166: SMB Relay Attack via Save Page As. Credit to Gregory Panakkal [$500][576867] Low CVE-2016-5160: Extensions web accessible resources bypass. Credit to @l33terally, FogMarks.com (@FogMarks) [642598] CVE-2016-5167: Various fixes from internal audits, fuzzing and other initiatives. |