Chrome 49 Stable Update: A Better Browser for You

Posted by jopen 8 years ago | 7K views

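The Chrome 49 stable channel has been updated. This release contains a large number of bug fixes and improvements; see the log for the complete list.

Security issues: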

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This release includes 26 security fixes. The noteworthy ones are listed below; see the Chromium security page for more information.

[$8000][560011] High CVE-2016-1630: Same-origin bypass in Blink. Credit to Mariusz Mlynski.

[$7500][569496] High CVE-2016-1631: Same-origin bypass in Pepper Plugin. Credit to Mariusz Mlynski.

[$5000][549986] High CVE-2016-1632: Bad cast in Extensions. Credit to anonymous.

[$3000][572537] High CVE-2016-1633: Use-after-free in Blink. Credit to cloudfuzzer.

[$3000][559292] High CVE-2016-1634: Use-after-free in Blink. Credit to cloudfuzzer.

[$2000][585268] High CVE-2016-1635: Use-after-free in Blink. Credit to Rob Wu.

[$2000][584155] High CVE-2016-1636: SRI Validation Bypass. Credit to ryan@cyph.com.

[$500][560291] High CVE-2015-8126: Out-of-bounds access in libpng. Credit to joerg.bornemann.

[$2000][555544] Medium CVE-2016-1637: Information Leak in Skia. Credit to Keve Nagy.

[$1000][585282] Medium CVE-2016-1638: WebAPI Bypass. Credit to Rob Wu.

[$1000][572224] Medium CVE-2016-1639: Use-after-free in WebRTC. Credit to Khalil Zhani.

[$1000][550047] Medium CVE-2016-1640: Origin confusion in Extensions UI. Credit to Luan Herrera.

[$500][583718] Medium CVE-2016-1641: Use-after-free in Favicon. Credit to Atte Kettunen of OUSPG.

We are very grateful to all the security researchers for their hard work. We will provide an additional $14,500 in rewards.

Internal security work:

  • [591402] CVE-2016-1642: Various fixes from internal audits, fuzzing and other initiatives.

  • Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.26).

We detect security bugs using these tools: AddressSanitizer, MemorySanitizer or Control Flow Integrity.

For details, see: http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html

From: http://www.oschina.net//news/71172/chrome-49-stable
