谷歌浏览器 Google Chrome 101.0.4951.41 正式版附送官方下载地址

谷歌浏览器Google Chrome正式版迎来v101首个版本发布，详细版本号为v101.0.4951.41，上一个正式版v100.0.4896.127发布于4月15日，时隔12天Google又发布了新版Chrome浏览器，本次升级主要是更新了安全修复和稳定性改进及用户体验。

新版变化

Chrome v101.0.4951.41 正式版（2022-04-27）

谷歌浏览器v101正式版主要更新，带来了诸多改进，首先是提供了联合凭据管理API（FedCM）的早期试用，据说该应用程序接口旨在保护身份隐私的情况下继续使用相关用例、而无需借助扩展点追踪（比如第三方cookie）。不过目前FedCM仅在Android移动平台上的Chrome 101稳定版上启用，桌面版还得等到下一次Chrome 102版本。The official version of Google Chrome has ushered in the first version of v101. The detailed version number is v101.0.4951.41. The last official version, v100.0.4896.127, was released on April 15. Google released a new version after 12 days. Chrome browser, this upgrade is mainly to update the security fixes and stability improvements and user experience.
New version changes Chrome v101.0.4951.41 official version (2022-04-27)
The main update to the official version of Google Chrome v101 brings many improvements, starting with the provision of an early trial of the Federated Credential Management API (FedCM), which is said to be designed to protect identity privacy and continue to use related use cases without requiring Tracking via extension points (such as third-party cookies). However, FedCM is currently only enabled on the stable version of Chrome 101 on the Android mobile platform, and the desktop version will have to wait until the next Chrome 102 version.
The official version of Google Chrome v100 is a major update, the first major icon update for Chrome since 2014, and the updated design, first previewed in February, features simplified icons with brighter colors and no shadows. Chrome designer Elvin Hu said the updated design was meant to align with "Google's more modern brand expression."
The main update of the official version of Google Chrome v99 has optimized the implementation of the JavaScript (JS) adoptedStyleSheets specification, which previously used FrozenArray to support arrays, but will now utilize ObservableArray, the new method will make it easier to mutate JS arrays, since 2018 This norm change has been debated for years between Microsoft, Mozilla, Apple and Google. The new version also integrates a new handwriting recognition API, which web developers can use to provide inking capabilities, such as note-taking web applications, they will not need to rely on third-party integration. Speaking of web apps, Chrome 99 will allow installed Progressive Web Apps (PWAs) to cover more area on the screen so that they look more like native apps than web apps.
The main update of the official version of Google Chrome v98 adds support for COLRv1 color gradient vector fonts, which is an evolutionary version of its COLRv0. They bring more expressive visual power in the form of gradients, composites, transformations, multicolor letters, even at very small font sizes. According to Google, it can render the Noto color emoji using the COLRv1 font format, which is 1.85MB in size after WOFF2 compression. At the same time, for the same emoji, the standard bitmap font takes up 9MB, which is a significant improvement in saving system resource overhead.
The main update of the official version of Google Chrome v97, the introduction of the WebTransport API, WebTransport is a protocol framework similar to the WebRTC data channel, but mainly used for clients limited by the network security model, using secure, multiplex transmission and remote servers. communication. WebTransport uses the HTTP/3 protocol for bidirectional transport. Unlike TCP-based WebSockets, WebTransport relies on UDP-like packets and cancelable streams. WebTransport is currently in Working Draft status at the W3C. Chrome 97 also adds CSS media queries for HDR display detection, new JavaScript methods, more native web app support, and more.
The main update of the official version of Google Chrome v96 allows users to enable a Windows 11-style right-click menu on the user interface by enabling the specified experiment flag in the Experiments page. More specifically, Google added a new Windows 11-style menu flag that allows the browser to "use Windows 11-style menus wherever possible," so it's consistent with the rest of the system's interface. This flag is still disabled by default, most likely because Google has been working hard to perfect it, so expect additional news on this in an upcoming update. Others also add some minor developer features, some user improvements such as backward caching on the desktop, and bug fixes and security maintenance work.

谷歌浏览器v100正式版主要更新，自2014年以来Chrome浏览器的首次重大图标更新，更新后的设计在2月份首次预览，它采用了简化的图标，颜色更亮，没有阴影。Chrome的设计师Elvin Hu说，更新的设计是为了与“Google更现代的品牌表达”相一致。

谷歌浏览器v99正式版主要更新，优化了JavaScript（JS）adoptedStyleSheets规范的实现，这之前使用的是FrozenArray支持阵列，但现在将利用ObservableArray，新的方法将使突变JS数组变得更加容易，自2018年以来，微软、Mozilla、苹果和Google之间一直在争论这一规范的变化。新版本还整合了一个新的手写识别API，网络开发者可以利用它来提供墨迹功能，例如在笔记类网络应用中，他们将不需要依靠第三方的整合。谈到网络应用，Chrome 99将允许已安装的渐进式网络应用程序（PWA）在屏幕上覆盖更多区域，以便它们看起来更像本地应用而不是网络应用。

谷歌浏览器v98正式版主要更新，增加了对COLRv1彩色渐变矢量字体的支持，这是其COLRv0的进化版。它们以渐变、合成、变换、多色字母的形式带来了更具表现力的视觉能力，甚至在非常小的字体尺寸下也是如此。Google对此介绍说，它能够使用COLRv1字体格式渲染诺托彩色表情符号，经过WOFF2压缩后的大小为1.85MB。同时，对于同样的表情符号，标准的位图字体占用了9MB，在节省系统资源开销上，这是个重大的改进。

谷歌浏览器v97正式版主要更新，引入了WebTransport API，WebTransport是一个类似于WebRTC数据通道的协议框架，但主要是用于受网络安全模型限制的客户端，使用安全、多复式传输与远程服务器进行通信。WebTransport使用HTTP/3协议进行双向传输。与基于TCP的WebSockets不同，WebTransport依赖于类似UDP的数据包和可取消的流。WebTransport目前处于W3C的工作草案状态。Chrome 97还增加了用于HDR显示检测的 CSS媒体查询、新的JavaScript方法、更多的本地网络应用支持等。

谷歌浏览器v96正式版主要更新，允许用户在Experiments页面中通过启用指定实验flag，可以在用户界面上启用Windows 11风格的右键菜单。更具体地说，Google增加了一个新的Windows 11风格菜单标志，允许浏览器“尽可能使用Windows 11风格的菜单”，因此与系统的其他界面保持一致。默认情况下，这个标志仍然是禁用的，很可能是因为Google一直在努力完善它，所以预计在即将到来的更新中会有这方面的额外消息。其他还增加了一些次要的开发者功能，一些用户改进，如桌面上的后向缓存，以及问题修复和安全维护工作。

安全修复和奖励

chromereleases.googleblog.com

Chrome v101.0.4951.41，此更新包括30个安全修复程序。

[$10000][1313905] High CVE-2022-1477: Use after free in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-04-06
[$7000][1299261] High CVE-2022-1478: Use after free in SwiftShader. Reported by SeongHwan Park (SeHwa) on 2022-02-20
[$7000][1305190] High CVE-2022-1479: Use after free in ANGLE. Reported by Jeonghoon Shin of Theori on 2022-03-10
[$6000][1307223] High CVE-2022-1480: Use after free in Device API. Reported by @uwu7586 on 2022-03-17
[$5000][1302949] High CVE-2022-1481: Use after free in Sharing. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-03-04
[$NA][1304987] High CVE-2022-1482: Inappropriate implementation in WebGL. Reported by Christoph Diehl, Microsoft on 2022-03-10
[$NA][1314754] High CVE-2022-1483: Heap buffer overflow in WebGPU. Reported by Mark Brand of Google Project Zero on 2022-04-08
[$7500][1297429] Medium CVE-2022-1484: Heap buffer overflow in Web UI Settings. Reported by Chaoyuan Peng (@ret2happy) on 2022-02-15
[$7500][1299743] Medium CVE-2022-1485: Use after free in File System API. Reported by Anonymous on 2022-02-22
[$7500][1314616] Medium CVE-2022-1486: Type Confusion in V8. Reported by Brendon Tiszka on 2022-04-08
[$7000][1304368] Medium CVE-2022-1487: Use after free in Ozone. Reported by Sri on 2022-03-09
[$5000][1302959] Medium CVE-2022-1488: Inappropriate implementation in Extensions API. Reported by Thomas Beverley from Wavebox.io on 2022-03-04
[$2000][1300561] Medium CVE-2022-1489: Out of bounds memory access in UI Shelf. Reported by Khalil Zhani on 2022-02-25
[$2000][1301840] Medium CVE-2022-1490: Use after free in Browser Switcher. Reported by raven at KunLun lab on 2022-03-01
[$2000][1305706] Medium CVE-2022-1491: Use after free in Bookmarks. Reported by raven at KunLun lab on 2022-03-12
[$2000][1315040] Medium CVE-2022-1492: Insufficient data validation in Blink Editing. Reported by Michał Bentkowski of Securitum on 2022-04-11
[$1000][1275414] Medium CVE-2022-1493: Use after free in Dev Tools. Reported by Zhihua Yao of KunLun Lab on 2021-12-01
[$1000][1298122] Medium CVE-2022-1494: Insufficient data validation in Trusted Types. Reported by Masato Kinugawa on 2022-02-17
[$1000][1301180] Medium CVE-2022-1495: Incorrect security UI in Downloads. Reported by Umar Farooq on 2022-02-28
[$1000][1306391] Medium CVE-2022-1496: Use after free in File Manager. Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group on 2022-03-15
[$NA][1264543] Medium CVE-2022-1497: Inappropriate implementation in Input. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-10-29
[$500][1297138] Low CVE-2022-1498: Inappropriate implementation in HTML Parser. Reported by SeungJu Oh (@real_as3617) on 2022-02-14
[$NA][1000408] Low CVE-2022-1499: Inappropriate implementation in WebAuthentication. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-09-04
[$TBD][1223475] Low CVE-2022-1500: Insufficient data validation in Dev Tools. Reported by Hoang Nguyen on 2021-06-25
[$NA][1293191] Low CVE-2022-1501: Inappropriate implementation in iframe. Reported by Oriol Brufau on 2022-02-02
[1320031] Various fixes from internal audits, fuzzing and other initiatives