谷歌浏览器 Google Chrome 102.0.5005.63 正式版附送官方下载地址

谷歌浏览器Google Chrome正式版迎来v102首个版本发布，详细版本号为v102.0.5005.63，上一个正式版v101.0.4951.67发布于5月13日，时隔12天Google又发布了新版Chrome浏览器，本次升级主要是更新了安全修复和稳定性改进及用户体验。

新版变化

Chrome v102.0.5005.63 正式版（2022-05-25）

谷歌Chrome v102正式版主要是更新，对后端API做了一系列开发者相关的增强，废除了一些其他API。同时，它还为桌面上的渐进式web应用程序(PWA)提供了窗口控件覆盖功能。这个版本的一个关键功能是开发者可以在桌面PWA中控制更多的空间。这是通过允许客户端应用程序扩展和控制整个屏幕来实现的。所谓窗口控件，可以理解为标题栏上的关闭、最大化、最小化按钮。这将使PWA看起来更像一个本地应用程序。

谷歌Chrome v101正式版主要是更新，带来了很多改进。首先，它提供了联邦凭证管理API(FedCM)的早期试验。据说API的设计是在保护身份隐私的同时保持使用相关用例，而不求助于扩展点跟踪(比如第三方cookie)。不过，FedCM目前只在Android移动平台的Chrome 101稳定版上启用，桌面版要等到Chrome 102的下一个版本。

谷歌Chrome v100正式版主要更新，也是Chrome浏览器自2014年以来的首次重大图标更新。更新后的设计在二月份第一次被预览。它使用了简化的图标，颜色更亮，没有阴影。 Chrome的设计师埃尔文·胡(Elvin Hu)表示，更新后的设计符合“谷歌更现代的品牌表达”

Google Chrome v 99正式版主要是更新，优化了JavaScript (JS)采用的样式表规范的实现。以前使用FrozenArray支持数组，现在将使用ObservableArray。新方法将使JS数组的变异变得更加容易。自2018年以来，微软、Mozilla、苹果和谷歌一直在争论这一规范的变化。新版本还集成了新的手写识别API，web开发人员可以使用它来提供墨迹功能。例如，在笔记本网络应用程序中，它们不需要依赖第三方的集成。说到网络应用，Chrome 99将允许安装的渐进式网络应用(PWA)覆盖屏幕上的更多区域，以便它们看起来更像本地应用而不是网络应用。

谷歌Chrome v98正式版主要是更新，增加了对COLRv1颜色渐变矢量字体的支持，是其COLRv0的进化版。它们以渐变、合成、变换和多色字母的形式带来了更具表现力的视觉能力，即使是在很小的字体中。根据谷歌的说法，它可以以COLRv1字体格式渲染Noto color表情符号，WOFF2压缩后大小为1.85MB。同时，对于同一个表情符号，标准位图字体占用9MB，在节省系统资源方面有了显著的提升。

谷歌Chrome v97正式版主要更新，引入了WebTransport API。WebTransport是一个类似于WebRTC数据通道的协议框架，但它主要用于受网络安全模型限制的客户端，使用安全的多路复用传输与远程服务器通信。 WebTransport使用HTTP/3协议进行双向传输。与基于TCP的WebSockets不同，WebTransport依赖于类似UDP的数据包和可取消的流。 WebTransport目前处于W3C工作草案状态。 Chrome 97还增加了HDR显示检测的CSS媒体查询，新的JavaScript方法，以及对本地网络应用程序的更多支持。

谷歌Chrome v96正式版的主要更新允许用户通过启用实验页面中指定的实验标志，在用户界面上启用Windows 11风格的右键菜单。更具体地说，谷歌增加了新的Windows 11风格的菜单logo，允许浏览器“尽可能使用Windows 11风格的菜单”，因此与系统的其他界面保持一致。默认情况下，这个标志仍然是禁用的，可能是因为谷歌一直在努力改进，所以预计在即将到来的更新中会有这方面的额外消息。增加了其他次要的开发人员功能，并对用户进行了一些改进，如桌面上的反向缓存、问题修复和安全维护。

The official version of Google Chrome has ushered in the first version of v102. The detailed version number is v102.0.5005.63. The last official version, v101.0.4951.67, was released on May 13. Google released a new version after 12 days. Chrome browser, this upgrade is mainly to update the security fixes and stability improvements and user experience.

New version changes

Chrome v102.0.5005.63 official version (2022-05-25)

The official version of Google Chrome v102 is mainly an update, a series of developer-related enhancements have been made to the back-end API, and some other APIs have been abolished. At the same time, it also provides window control overlays for Progressive Web Apps (PWAs) on the desktop. A key feature of this release is that developers can control more space in desktop PWAs. This is achieved by allowing client applications to extend and control the entire screen. The so-called window control can be understood as the close, maximize, and minimize buttons on the title bar. This will make the PWA look more like a native app.

The official version of Google Chrome v101 is mainly an update that brings a lot of improvements. First, it provides an early trial of the Federal Credentials Management API (FedCM). The API is said to be designed to preserve identity privacy while maintaining usage-relevant use cases, without resorting to extension point tracking (such as third-party cookies). However, FedCM is currently only enabled on the stable version of Chrome 101 for the Android mobile platform, and the desktop version will have to wait until the next version of Chrome 102.

The official version of Google Chrome v100 is a major update, and it is also the first major icon update of the Chrome browser since 2014. The updated design was first previewed in February. It uses simplified icons with brighter colors and no shadows. Chrome designer Elvin Hu said the updated design fits with "Google's more modern brand expression"

The official version of Google Chrome v 99 is mainly an update that optimizes the implementation of the style sheet specification adopted by JavaScript (JS). Arrays were previously backed using FrozenArray, now ObservableArray will be used. The new method will make it easier to mutate JS arrays. Microsoft, Mozilla, Apple and Google have been debating the norm change since 2018. The new version also integrates a new handwriting recognition API, which web developers can use to provide inking capabilities. For example, in notebook web applications, they do not need to rely on third-party integration. Speaking of web apps, Chrome 99 will allow installed progressive web apps (PWAs) to cover more area of the screen so that they look more like native apps than web apps.

The official version of Google Chrome v98 is mainly an update, adding support for COLRv1 color gradient vector fonts, which is an evolutionary version of its COLRv0. They bring more expressive visual power, even in small fonts, in the form of gradients, composites, transformations, and multicolor letters. According to Google, it can render Noto color emoji in the COLRv1 font format, which is 1.85MB in size after WOFF2 compression. At the same time, for the same emoji, the standard bitmap font occupies 9MB, which is a significant improvement in saving system resources.

The main update of the official version of Google Chrome v97 introduces the WebTransport API. WebTransport is a protocol framework similar to the WebRTC data channel, but it is primarily intended for clients limited by the network security model to communicate with remote servers using a secure multiplexed transport. WebTransport uses the HTTP/3 protocol for bidirectional transport. Unlike TCP-based WebSockets, WebTransport relies on UDP-like packets and cancelable streams. WebTransport is currently in W3C Working Draft status. Chrome 97 also adds CSS media queries for HDR display detection, new JavaScript methods, and more support for native web apps.

The major update to the official version of Google Chrome v96 allows users to enable Windows 11-style right-click menus on the user interface by enabling the experimental flag specified in the experiments page. More specifically, Google added a new Windows 11-style menu logo that allows the browser to "use Windows 11-style menus wherever possible," so it's consistent with the rest of the system's interface. This flag is still disabled by default, probably because Google has been working hard to improve it, so expect additional news on this in an upcoming update. Additional minor developer features have been added, and several improvements have been made for users, such as reverse caching on the desktop, bug fixes, and security maintenance.

安全修复和奖励

chromereleases.googleblog.com

Chrome v102.0.5005.63，此更新包括32个安全修复程序。

[$TBD][1324864] Critical CVE-2022-1853: Use after free in Indexed DB. Reported by Anonymous on 2022-05-12
[$10000][1320024] High CVE-2022-1854: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-04-27
[$7500][1228661] High CVE-2022-1855: Use after free in Messaging. Reported by Anonymous on 2021-07-13
[$3000][1323239] High CVE-2022-1856: Use after free in User Education. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06
[$2000][1227995] High CVE-2022-1857: Insufficient policy enforcement in File System API. Reported by Daniel Rhea on 2021-07-11
[$1000][1314310] High CVE-2022-1858: Out of bounds read in DevTools. Reported by EllisVlad on 2022-04-07
[$1000][1322744] High CVE-2022-1859: Use after free in Performance Manager. Reported by Guannan Wang (@Keenan7310) of Tencent Security Xuanwu Lab on 2022-05-05
[$TBD][1297209] High CVE-2022-1860: Use after free in UI Foundations. Reported by @ginggilBesel on 2022-02-15
[$TBD][1316846] High CVE-2022-1861: Use after free in Sharing. Reported by Khalil Zhani on 2022-04-16
[$5000][1236325] Medium CVE-2022-1862: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz on 2021-08-04
[$5000][1292870] Medium CVE-2022-1863: Use after free in Tab Groups. Reported by David Erceg on 2022-02-01
[$5000][1320624] Medium CVE-2022-1864: Use after free in WebApp Installs. Reported by Yuntao You (@GraVity0) of Bytedance Wuheng Lab on 2022-04-28
[$3000][1289192] Medium CVE-2022-1865: Use after free in Bookmarks. Reported by Rong Jian of VRI on 2022-01-20
[$3000][1292264] Medium CVE-2022-1866: Use after free in Tablet Mode. Reported by @ginggilBesel on 2022-01-29
[$3000][1315563] Medium CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer. Reported by Michał Bentkowski of Securitum on 2022-04-12
[$TBD][1301203] Medium CVE-2022-1868: Inappropriate implementation in Extensions API. Reported by Alesandro Ortiz on 2022-02-28
[$NA][1309467] Medium CVE-2022-1869: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2022-03-23
[$TBD][1323236] Medium CVE-2022-1870: Use after free in App Service. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06
[$7000][1308199] Low CVE-2022-1871: Insufficient policy enforcement in File System API. Reported by Thomas Orlita on 2022-03-21
[$7000][1310461] Low CVE-2022-1872: Insufficient policy enforcement in Extensions API. Reported by ChaobinZhang on 2022-03-26
[$2000][1305394] Low CVE-2022-1873: Insufficient policy enforcement in COOP. Reported by NDevTK on 2022-03-11
[$500][1251588] Low CVE-2022-1874: Insufficient policy enforcement in Safe Browsing. Reported by hjy79425575 on 2021-09-21
[$500][1306443] Low CVE-2022-1875: Inappropriate implementation in PDF. Reported by NDevTK on 2022-03-15
[$TBD][1313600] Low CVE-2022-1876: Heap buffer overflow in DevTools. Reported by @ginggilBesel on 2022-04-06
[1328866] Various fixes from internal audits, fuzzing and other initiatives