谷歌浏览器Google Chrome正式版迎来v95第二个维护版本发布,详细版本号为v95.0.4638.69,上一个正式版v95.0.4638.54发布于10月8日,时隔9天Google又发布了新版Chrome浏览器,本次升级主要是更新了安全修复和稳定性改进及用户体验。The official version of Google Chrome ushered in the release of the second maintenance version of v95. The detailed version number is v95.0.4638.69. The last official version v95.0.4638.54 was released on October 8, 9 days after Google released it again. With the new version of Chrome browser, this upgrade is mainly to update security fixes, stability improvements and user experience.

The new version changes the official version (2021-10-29)

The official version of Google Chrome v95 is mainly updated. The function of saving tag groups is becoming a trend in desktop web browsers. When you close Chrome, you don’t have to worry about losing them and having to recreate them, because a simple switch will allow you to save these groups for Use in the future. Chrome 95 began to enforce the cookie size limit and canceled the support for the FTP file transfer protocol. The cookie name + value size is strictly limited to a maximum of 4096 bytes, and the length of each attribute is a maximum of 1024 bytes. Was completely rejected. Chrome 95 enhanced the user agent (UA) client prompt to cater to the detection of different Windows versions. Chrome 95 also cancelled support for the FTP file transfer protocol. Careful users should find that Chrome no longer supports encrypted FTP connections such as FTPS, and lacks corresponding proxy support.

The main update of the official version of Google Chrome v94 introduces support for the idle detection API, which will be enabled by default and available to developers. It also brings support for the low-level WebCodecs API and provides access to existing hardware and software media encoders and decoders, which will improve the performance of certain applications, such as latency-sensitive game streaming. An obsolete standard AppCache has also been deleted. Google said this is a security responsibility, so developers should use Service Workers instead.

The main update of the official version of Google Chrome v93 brings a series of improvements to consumers, cross-platform support for WebOTP API, Note adds a new note URL, and removes the 3DES of TLS. For multi-screen window settings, a new screen information API has been added, and the existing window placement API has been incrementally improved to enable web applications to provide an excellent multi-screen experience. The existing single window.screen provides a limited view of the available screen space, and the window placement function is generally bounded by the current screen. This feature opens up a modern multi-screen workspace for web applications.

Security fixes and rewards, this update includes 8 security fixes.

新版变化

Chrome v95.0.4638.69 正式版(2021-10-29)

谷歌浏览器v95正式版主要更新,保存标签组功能在桌面网络浏览器中正成为一种趋势,在你关闭Chrome时不必担心丢失和不得不重新创建,因为一个简单的切换将让你保存这些组以便将来使用。Chrome 95开始强制执行的cookie大小限制、以及取消对FTP文件传输协议的支持,cookie的名称+值的大小严格限制为最大4096字节,每个属性的长度最多为1024字节,超长部分将被彻底拒绝。Chrome 95增强了用户代理(UA)的客户端提示,以迎合不同Windows版本的检测。Chrome 95还取消了对FTP文件传输协议的支持。细心的用户应该发现,Chrome已不支持FTPS等加密型FTP连接,也缺乏相应的代理支持。

谷歌浏览器v94正式版主要更新,引入了对空闲检测API的支持,这个API将默认启用并提供给开发者使用。还带来对低级别的WebCodecs API的支持,提供对现有硬件和软件媒体编码器和解码器的访问,这将提高某些应用程序的性能,如对延迟敏感的游戏流。还删除了一个废弃的标准AppCache,Google表示这是一个安全责任,所以开发者应该使用Service Workers来代替。

谷歌浏览器v93正式版主要更新,面向消费者带来了一系列的改进,跨平台支持WebOTP API,Note新增新的笔记URL,移除TLS的3DES。多屏幕窗口设置,增加了新的屏幕信息API,并对现有的窗口放置API进行了增量改进,使网络应用能够提供优秀的多屏幕体验。现有的单一的window.screen提供了一个有限的可用屏幕空间的视图,而窗口放置功能一般都是以当前屏幕为界限的。这项功能为网络应用开启了现代多屏工作空间。

安全修复和奖励

Google urgently released Chrome 95.0.4638.69 for Windows, Mac and Linux to fix two zero-day vulnerabilities being exploited by attackers.

This Chrome version fixes a total of seven vulnerabilities, two of which are zero-day vulnerabilities that are known to have been widely exploited. The first zero-day vulnerability number is CVE-2021-38000, which is described as “insufficient verification of untrusted input in the intent” and is assigned a high severity level. The second zero-day vulnerability number is CVE-2021-38003, which is a serious “improper implementation” error in the Chrome V8 JavaScript engine.

At the same time, Google said in the announcement that the new version may take some time to cover everyone. If you want to install the Chrome update immediately, you can go to the Chrome menu> Help> About Google Chrome, and the browser will start to perform the update. In addition, Google has not provided more details on how threat actors use the vulnerability in the attack, but may disclose more information in future Google TAG or Project Zero reports.

According to statistics, this is the 15th Chrome zero-day vulnerability patched by Google since 2021.

谷歌紧急发布了适用于 Windows、Mac 和 Linux 的 Chrome 95.0.4638.69,以修复攻击者正在利用的两个零日漏洞。

此 Chrome 版本共修复了七个漏洞,其中两个是已知已被广泛利用的零日漏洞。第一个零日漏洞编号是 CVE-2021-38000,被描述为 “对 Intent 中不可信输入的验证不足”,并被指定为高严重性级别。第二个零日漏洞编号是 CVE-2021-38003,是 Chrome V8 JavaScript 引擎中的一个严重的 “不当实施” 错误。

同时,谷歌在公告中表示,新版本可能需要一些时间才能覆盖所有人,如果要立即安装 Chrome 更新,可以转到 Chrome 菜单 > 帮助 > 关于 Google Chrome,浏览器将开始执行更新。此外,谷歌尚未提供有关威胁行为者如何在攻击中使用漏洞的更多细节,不过可能会在未来的 Google TAG 或 Project Zero 报告中披露更多信息。

据统计,这已经是 2021 年以来谷歌修补的第 15 个 Chrome 零日漏洞。

googlechromereleases.blogspot.com

Chrome v95.0.4638.69,此更新包括8个安全修复程序。

[$10000][1259864] High CVE-2021-37997 : Use after free in Sign-In. Reported by Wei Yuan of MoyunSec VLab on 2021-10-14
[$7500][1259587] High CVE-2021-37998 : Use after free in Garbage Collection. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-10-13
[$1000][1251541] High CVE-2021-37999 : Insufficient data validation in New Tab Page. Reported by Ashish Arun Dhone on 2021-09-21
[$N/A][1249962] High CVE-2021-38000 : Insufficient validation of untrusted input in Intents. Reported by Clement Lecigne, Neel Mehta, and Maddie Stone of Google Threat Analysis Group on 2021-09-15
[$N/A][1260577] High CVE-2021-38001 : Type Confusion in V8. Reported by Kunlun Lab via Tianfu Cup on 2021-10-16
[$N/A][1260940] High CVE-2021-38002 : Use after free in Web Transport. Reported by @__R0ng of 360 Alpha Lab, 漏洞研究院青训队 via Tianfu Cup on 2021-10-16
[$TBD][1263462] High CVE-2021-38003 : Inappropriate implementation in V8. Reported by Clément Lecigne from Google TAG and Samuel Groß from Google Project Zero on 2021-10-26
Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild.
[1264537] Various fixes from internal audits, fuzzing and other initiatives

下载地址

离线安装包“无更新组件”版提取原生绿色版方法:
鼠标右键解压离线安装包,此时会解压出来一个chrome.7z
再对chrome.7z解压就是原生绿色版啦!
离线安装包“无更新组件”版不含在线更新升级功能,所以不会添加更新计划任务,也没有后台更新进程,更干净。

Google Chrome v95.0.4638.69 官方正式版 离线安装包(无更新组件)64位
https://dl.google.com/release2/chrome/afvh36re2keytdf4zgzjrchg5y_95.0.4638.69/95.0.4638.69_chrome_installer.exe
https://www.google.com/dl/release2/chrome/afvh36re2keytdf4zgzjrchg5y_95.0.4638.69/95.0.4638.69_chrome_installer.exe
https://redirector.gvt1.com/edgedl/release2/chrome/afvh36re2keytdf4zgzjrchg5y_95.0.4638.69/95.0.4638.69_chrome_installer.exe

Google Chrome v95.0.4638.69 官方正式版 离线安装包(无更新组件)32位
https://dl.google.com/release2/chrome/adhoipclo66vdu7rwe77fzxri7kq_95.0.4638.69/95.0.4638.69_chrome_installer.exe
https://www.google.com/dl/release2/chrome/adhoipclo66vdu7rwe77fzxri7kq_95.0.4638.69/95.0.4638.69_chrome_installer.exe
https://redirector.gvt1.com/edgedl/release2/chrome/adhoipclo66vdu7rwe77fzxri7kq_95.0.4638.69/95.0.4638.69_chrome_installer.exe

Google Chrome v95.0.4638.69 官方正式版 离线安装包(含更新组件)64位
https://dl.google.com/edgedl/chrome/install/GoogleChromeStandaloneEnterprise64.msi

Google Chrome v95.0.4638.69 官方正式版 离线安装包(含更新组件)32位
https://dl.google.com/edgedl/chrome/install/GoogleChromeStandaloneEnterprise.msi

Google Chrome 官方正式版 离线安装包(含更新组件)新版及历史版本
https://lanzoui.com/b138066
https://pan.baidu.com/s/1Q5FptUnS0BjGMk5erwOhyw 提取码:36oz

发表评论

后才能评论