­　　Chrome 61 正式版今天發(fā)布，并增加了很多開發(fā)者相關的功能。在 Mac、Windows 和 Linux 系統(tǒng)中，Chrome 61 開始支持 WebUSB API，以及 PaymentRequest API。高級網(wǎng)絡平臺 API 支持大多數(shù)硬件外設，如鍵盤、鼠標、打印機和游戲手柄。為了使用教育、科學或工業(yè)等專用 USB 外設，用戶必須使用系統(tǒng)級權(quán)限查找和安裝可能不安全的驅(qū)動程序和軟件。

­　　Chrome現(xiàn)在支持 WebUSB API，在用戶同意的情況下允許網(wǎng)絡應用與外設通信。這可實現(xiàn)上述設備提供的所有功能，同時仍可保證網(wǎng)絡的安全。

­　　PaymentRequest API 可以提供安全、無縫的跨平臺結(jié)賬體驗。在 Chrome 61 中，瀏覽器還支持網(wǎng)絡信息 API，這意味著網(wǎng)站可以訪問設備信息，比如設備內(nèi)存 API 可以檢測內(nèi)存占有，以優(yōu)化網(wǎng)頁應用。

­　　在 Android 版 Chrome 61 中，新增加了全新的 Web Share API 網(wǎng)絡分享功能，瀏覽器可以激活 Android 原生分享功能。

­　　Chrome 61.0.3163.79 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 61.

­　　Security Fixes and Rewards

­　　Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

­　　This update includes 22 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

­　　[$5000][737023] High CVE-2017-5111: Use after free in PDFium. Reported by Lu?t Nguy?n (@l4wio) of KeenLab, Tencent on 2017-06-27

­　　[$5000][740603] High CVE-2017-5112: Heap buffer overflow in WebGL. Reported by Tobias Klein (www.trapkit.de) on 2017-07-10

­　　[$5000][747043] High CVE-2017-5113: Heap buffer overflow in Skia. Reported by Anonymous on 2017-07-20

­　　[$3500][752829] High CVE-2017-5114: Memory lifecycle issue in PDFium. Reported by Ke Liu of Tencent's Xuanwu LAB on 2017-08-07

­　　[$3000][744584] High CVE-2017-5115: Type confusion in V8. Reported by Marco Giovannini on 2017-07-17

­　　[$TBD][759624] High CVE-2017-5116: Type confusion in V8. Reported by Anonymous on 2017-08-28

­　　[$1000][739190] Medium CVE-2017-5117: Use of uninitialized value in Skia. Reported by Tobias Klein (www.trapkit.de) on 2017-07-04

­　　[$1000][747847] Medium CVE-2017-5118: Bypass of Content Security Policy in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-07-24

­　　[$N/A][725127] Medium CVE-2017-5119: Use of uninitialized value in Skia. Reported by Anonymous on 2017-05-22

­　　[$N/A][718676] Low CVE-2017-5120: Potential HTTPS downgrade during redirect navigation. Reported by Xiaoyin Liu (@general_nfs) on 2017-05-05

­　　We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

­　　As usual, our ongoing internal security work was responsible for a wide range of fixes:

­　　[762099] Various fixes from internal audits, fuzzing and other initiatives

­　　Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

­　　下載地址:

­　　https://www.google.com/chrome/