推 fshslee:Google 加油! 快快修正一些尚未相容的功能 12/03 08:38
http://googlechromereleases.blogspot.com/
This release upgrades Gears to 0.5.4.2 to address a security issue with Gears
0.5.4.0 and earlier versions:
Gears Cross-Origin Worker Vulnerability
CVE: CVE-2008-5258
A vulnerability in Gears could allow an attacker to run code in the
context of a site that serves user-controlled files. To exploit this, an
attacker needs to upload a malicious file to the victim's site and convince
the user to allow the attacker's site to use Gears.
Severity: High. Even though this requires convincing users to allow a
third-party site to use Gears, it could allow data theft and cross-site
scripting on sites hosting user-created content, even those that do not use
Gears.
Credit: Thanks to Yair Amit, Senior Security Researcher, IBM Rational
Application Security Research Team for responsibly reporting the issue to
Google.
This release also contains a fix to stop crashes while dragging tabs on
computers running Windows Vista.
--
※ 發信站: 批踢踢實業坊(ptt.cc)
◆ From: 193.157.242.118
GC最新版本更新到0.4.154.29
只有小修正,主要是針對Gears的安全性修正,
另外前面有板友提到拉動分頁會當機的問題看說明應該是解決了
詳細更新內容如下:
或見