ProHoster > Блог > labaran intanet > Chrome 86

Chrome 86

An sake sakin Chrome 86 na gaba da ingantaccen sakin Chromium.

Canje-canje masu mahimmanci a cikin Chrome 86:

  • kariya daga rashin aminci sallamar fom ɗin shigarwa akan shafukan da aka ɗora akan HTTPS amma aika bayanai akan HTTP.
  • Toshe abubuwan zazzagewa marasa aminci (http) na fayilolin da za a iya aiwatarwa yana cika ta hanyar toshe abubuwan zazzagewa marasa aminci na wuraren ajiya (zip, iso, da sauransu) da kuma nuna gargaɗi don saukar da takardu marasa aminci (docx, pdf, da sauransu). Ana sa ran toshe daftarin aiki da gargadi don hotuna, rubutu, da fayilolin mai jarida a cikin saki na gaba. Ana aiwatar da toshewar saboda ana iya amfani da zazzage fayiloli ba tare da ɓoyewa ba don yin munanan ayyuka ta maye gurbin abun ciki yayin harin MITM.
  • Menu na mahallin tsoho yana nuna zaɓin "Koyaushe nuna cikakken URL", wanda a baya yana buƙatar canza saitunan akan shafin game da: flags don kunnawa. Hakanan za'a iya duba cikakken URL ta danna sau biyu akan mashin adireshi. Bari mu tunatar da ku cewa farawa da Chrome 76, ta tsohuwa an fara nuna adireshin ba tare da yarjejeniya da yanki na www ba. A cikin Chrome 79, an cire saitin don dawo da tsohon hali, amma bayan rashin gamsuwar mai amfani, an ƙara sabon tutar gwaji a cikin Chrome 83 wanda ke ƙara zaɓi zuwa menu na mahallin don kashe ɓoyewa da nuna cikakken URL a kowane yanayi.
    Don ƙananan kaso na masu amfani, an ƙaddamar da gwaji don nunawa kawai yanki a cikin adireshin adireshin ta tsohuwa, ba tare da abubuwan hanya da sigogin tambaya ba. Misali, maimakon "https://example.com/secure-google-sign-in/" "example.com" za a nuna. Ana sa ran za a kawo yanayin da aka tsara ga duk masu amfani a cikin ɗayan fitowar ta gaba. Don musaki wannan ɗabi'a, zaku iya amfani da zaɓin "Ku nuna cikakken URL koyaushe", kuma don duba URL gaba ɗaya, kuna iya danna mashigin adireshin. Dalilin canjin shine sha'awar kare masu amfani daga phishing wanda ke sarrafa sigogi a cikin URL - maharan suna amfani da rashin kulawar masu amfani don ƙirƙirar bayyanar buɗe wani rukunin yanar gizon da aikata ayyukan zamba (idan irin waɗannan canje-canje a bayyane suke ga mai amfani da fasaha. , sannan mutanen da ba su da kwarewa cikin sauƙi sun faɗi don irin wannan magudi mai sauƙi).
  • An sabunta yunƙurin cire tallafin FTP. A cikin Chrome 86, FTP an kashe ta tsohuwa don kusan 1% na masu amfani, kuma a cikin Chrome 87 za a ƙara iyakar nakasa zuwa 50%, amma ana iya dawo da tallafi ta amfani da "-enable-ftp" ko "- -enable-features=FtpProtocol" tuta. A cikin Chrome 88, tallafin FTP za a kashe gabaɗaya.
  • A cikin sigar Android, mai kama da sigar na tsarin tebur, mai sarrafa kalmar sirri yana aiwatar da rajistan shiga da kalmomin shiga da aka adana a kan rumbun adana bayanan da ba su dace ba, yana nuna gargaɗi idan an gano matsaloli ko aka yi ƙoƙarin amfani da kalmomin shiga marasa mahimmanci. Ana gudanar da cak ɗin ne a kan bayanan da ke rufe sama da asusun ajiyar kuɗi biliyan 4 waɗanda suka bayyana a cikin bayanan bayanan masu amfani da aka leka. Don kiyaye sirri, ana tabbatar da prefix ɗin hash a gefen mai amfani, kuma kalmomin sirri da kansu da cikakkun hashes ɗin su ba a watsa su a waje.
  • Maballin "Chekin Tsaro" da ingantaccen yanayin kariya daga shafuka masu haɗari (Ingantacciyar Browsing Lafiya) kuma an canza su zuwa nau'in Android. Maballin "Duba Tsaro" yana nuna taƙaitaccen abubuwan tsaro masu yiwuwa, kamar amfani da kalmomin sirri da aka lalata, matsayin bincika wuraren ɓoyayyiya (Lafiya Browsing), kasancewar sabbin abubuwan da ba a shigar da su ba, da gano ƙarin abubuwan ƙarawa masu ɓarna. Yanayin kariya na ci gaba yana kunna ƙarin bincike don kare kai daga masu saɓo, ayyukan mugunta da sauran barazana akan gidan yanar gizon, kuma ya haɗa da ƙarin kariya don asusun Google da ayyukan Google (Gmail, Drive, da sauransu). Idan a cikin yanayin Safe Browing na yau da kullun ana yin rajistan shiga cikin gida ta amfani da bayanan bayanan lokaci-lokaci ana loda akan tsarin abokin ciniki, to a cikin Ingantaccen Binciken Bincike game da shafuka da abubuwan zazzagewa a ainihin lokacin ana aika don tabbatarwa a gefen Google, wanda ke ba ku damar amsawa da sauri. barazanar kai tsaye bayan an gano su, ba tare da jira har sai an sabunta jerin baƙaƙen gida ba.
  • Ƙara goyon baya ga fayil mai nuna alama ". sanannun/canza kalmar sirri", wanda masu gidan yanar gizon zasu iya ƙayyade adireshin gidan yanar gizon don canza kalmar sirri. Idan an lalata bayanan shaidar mai amfani, Chrome yanzu zai tura mai amfani nan take da fom ɗin canza kalmar sirri dangane da bayanin da ke cikin wannan fayil ɗin.
  • An aiwatar da sabon gargaɗin “Tsarin Tsaro”, wanda aka nuna lokacin buɗe rukunin yanar gizo waɗanda yankinsu ya yi kama da wani rukunin yanar gizo kuma masana ilimin kimiya sun nuna cewa akwai yuwuwar yin ɓarna (misali, ana buɗe goog0le.com maimakon google.com).

    * An aiwatar da goyan bayan cache na gaba, yana ba da kewayawa kai tsaye lokacin amfani da maɓallan "Baya" da "Gaba" ko lokacin kewayawa ta shafukan da aka gani a baya na rukunin yanar gizon yanzu. An kunna cache ta amfani da chrome://flags/#back-forward-cache saitin.

  • Haɓaka amfani da albarkatun CPU don windows waɗanda ba su da iyaka. Chrome yana duba ko taga burauzar yana lullube da wasu windows kuma yana hana zana pixels a wuraren da suka zoba. An kunna wannan haɓakawa don ƙaramin adadin masu amfani a cikin Chrome 84 da 85 kuma yanzu an kunna shi a ko'ina. Idan aka kwatanta da fitowar da ta gabata, an warware rashin jituwa tare da tsarin ƙima wanda ya haifar da bayyanar fararen fararen shafuka.
  • Ƙara kayan gyara kayan aiki don shafukan bango. Irin waɗannan shafuka ba za su iya ci fiye da 1% na albarkatun CPU ba kuma ana iya kunna su ba fiye da sau ɗaya a minti ɗaya ba. Bayan mintuna biyar na kasancewa a bango, shafuka suna daskarewa, ban da shafuka masu kunna abun ciki na multimedia ko rikodi.
  • An ci gaba da aiki kan haɗa kan mai amfani-Agent HTTP. A cikin sabon sigar, goyan baya ga na'ura mai ba da shawara na abokin ciniki-Agent mai amfani, wanda aka haɓaka azaman maye gurbin Wakilin mai amfani, ana kunna shi ga duk masu amfani. Sabuwar tsarin ya ƙunshi zaɓin mayar da bayanai game da takamaiman ma'aunin bincike da tsarin (siffa, dandamali, da sauransu) kawai bayan buƙatar uwar garken da ba masu amfani damar zaɓin ba da irin wannan bayanin ga masu rukunin yanar gizon. Lokacin amfani da Alamomin Abokin Hulɗa na Mai amfani, ba a aika mai ganowa ta tsohuwa ba tare da buƙatun fayyace ba, wanda ke sa ba zai yuwu ba (ta tsohuwa, sunan burauza kawai ake nunawa).
    An canza alamar kasancewar sabuntawa da buƙatar sake kunna mai binciken don shigar da shi. Maimakon kibiya mai launi, "Sabuntawa" yanzu yana bayyana a filin avatar asusu.
  • An gudanar da aiki don canza mai binciken zuwa amfani da kalmomi masu haɗaka. A cikin sunayen manufofin, an maye gurbin kalmomin "whitelist" da "blacklist" tare da "allowlist" da "blocklist" ( riga da aka ƙara manufofin za su ci gaba da aiki, amma za su nuna gargadi game da raguwa). A cikin lambobi da sunayen fayil, an maye gurbin nassoshi zuwa "blacklist" da "jerin katange". An maye gurbin nassoshi-bayyanannun mai amfani zuwa ga “blacklist” da “whitelist” a farkon 2019.
    An ƙara ikon gwaji don gyara kalmomin shiga da aka adana, ana kunna ta ta amfani da tutar "chrome://flags/#edit-passwords-in-settings".
  • An canza tsarin Tsarin Fayil na Asalin API zuwa nau'in tsayayye kuma akwai API na jama'a, yana ba ku damar ƙirƙirar aikace-aikacen yanar gizo waɗanda ke mu'amala da fayiloli a cikin tsarin fayil ɗin gida. Misali, sabuwar API ɗin na iya kasancewa cikin buƙata a cikin mahallin ci gaba na tushen burauza, rubutu, hoto da masu gyara bidiyo. Don samun damar rubutu da karanta fayiloli kai tsaye ko amfani da maganganu don buɗewa da adana fayiloli, da kuma kewaya cikin abubuwan da ke cikin kundayen adireshi, aikace-aikacen yana neman mai amfani don tabbatarwa ta musamman.
  • An ƙara mai zaɓin CSS ": Focus-visible", wanda ke amfani da irin aikin heuristics ɗin da mai bincike ke amfani da shi yayin yanke shawarar ko za a nuna alamar canjin mayar da hankali (lokacin da ake matsar da hankali zuwa maɓalli ta amfani da gajerun hanyoyin keyboard, mai nuna alama yana bayyana, amma lokacin dannawa da linzamin kwamfuta). , ba haka ba). Mai zaɓin CSS ɗin da aka samo a baya ": mayar da hankali" koyaushe yana ba da fifikon mayar da hankali. Bugu da ƙari, an ƙara zaɓin "Quick Focus Highlight" a cikin saitunan, lokacin da aka kunna, za a nuna ƙarin alamar mayar da hankali kusa da abubuwan da ke aiki, wanda ya kasance a bayyane ko da an kashe nau'ikan salo don nunawa na gani a shafi ta hanyar. CSS.
  • An ƙara sabbin APIs da yawa zuwa Yanayin Gwaji na Asalin (fasali na gwaji waɗanda ke buƙatar kunnawa daban). Gwajin Asalin yana nuna ikon yin aiki tare da ƙayyadaddun API daga aikace-aikacen da aka zazzage daga localhost ko 127.0.0.1, ko bayan yin rijista da karɓar wata alama ta musamman wacce ke aiki na ƙayyadadden lokaci don takamaiman rukunin yanar gizo.
  • API ɗin WebHID don ƙananan damar samun damar zuwa na'urorin HID (na'urorin haɗin gwiwar ɗan adam, maɓallan madannai, mice, gamepads, touchpads), wanda ke ba ku damar aiwatar da dabaru na aiki tare da na'urar HID a cikin JavaScript don tsara aiki tare da na'urorin HID masu wuya ba tare da kasancewar takamaiman direbobi a cikin tsarin. Da farko dai, sabon API yana nufin samar da tallafi ga gamepads.
  • API ɗin Bayanin allo, yana faɗaɗa Wurin Wurin Taga API don tallafawa saitin allo da yawa. Ba kamar window.screen ba, sabon API yana ba ku damar sarrafa wurin sanya taga a cikin sararin allo na tsarin sa ido da yawa, ba tare da iyakancewa ga allon na yanzu ba.
  • Meta tag na ajiyar baturi, wanda rukunin yanar gizon zai iya sanar da mai bincike game da buƙatar kunna hanyoyin don rage yawan amfani da wutar lantarki da haɓaka nauyin CPU.
  • API ɗin Rahoton COOP don ba da rahoton yuwuwar cin zarafi na Manufofin Cross-Origin-Embedder-Policy (COEP) da Keɓancewar Tsarin-Opener-Policy (COOP), ba tare da aiwatar da takamaiman hani ba.
  • API ɗin Gudanar da Sabis ɗin yana ba da sabon nau'in takaddun shaida, PaymentCredential, wanda ke ba da ƙarin tabbaci na ma'amalar biyan kuɗi da ake yi. Ƙungiya ta dogara, kamar banki, tana da ikon samar da maɓallin jama'a, PublicKeyCredential, wanda ɗan kasuwa zai iya nema don ƙarin tabbacin biyan kuɗi.
  • API ɗin PointerEvents don tantance karkatar da stylus* ya ƙara goyon baya ga kusurwar ɗagawa (kusurwar tsakanin salo da allon) da azimuth (kusurwar tsakanin axis X da tsinkayar stylus akan allon), maimakon Kusurwoyin TiltX da TiltY (kusurwoyin dake tsakanin jirgin daga stylus da daya daga cikin gatari da jirgin daga gatari Y da Z). Hakanan an ƙara ayyukan juyawa tsakanin tsayi/azimuth da TiltX/Tilty.
  • Canza yanayin ɓoye sarari a cikin URLs lokacin ƙididdige shi a cikin masu sarrafa yarjejeniya - hanyar navigator.registerProtocolHandler() yanzu ta maye gurbin sarari da "%20" maimakon "+", wanda ke haɗa halayen tare da wasu masu bincike kamar Firefox.
  • An ƙara wani abu mai ƙima ":: alama" zuwa CSS, yana ba ku damar tsara launi, girman, siffar da nau'in lambobi da dige-dige don jeri a cikin tubalan. Kuma .
  • Ƙara goyon baya ga Document-Policy HTTP header, wanda ke ba ka damar saita dokoki don samun dama ga takardu, kama da tsarin keɓewar akwatin sandbox don iframes, amma mafi duniya. Misali, ta Takardun Manufofin za ku iya iyakance amfani da ƙananan hotuna masu inganci, musaki jinkirin APIs JavaScript, saita dokoki don loda iframes, hotuna da rubutun, iyakance girman takaddun gabaɗaya da zirga-zirga, hana hanyoyin da ke haifar da sake fasalin shafi, da kuma musaki aikin Gungura-zuwa-Rubutu.
  • Zuwa kashi ƙarin tallafi don 'grid-inline-grid', 'grid', 'inline-flex' da 'flex' sigogi da aka saita ta hanyar 'nuni' CSS dukiya.
  • Ƙara hanyar ParentNode.replaceChildren() don maye gurbin duk yaran kullin iyaye tare da wani kumburin DOM. A baya can, zaku iya amfani da haɗin node.removeChild() da node.append() ko node.innerHTML da node.append() don maye gurbin nodes.
  • An faɗaɗa kewayon tsare-tsaren URL waɗanda za a iya soke su ta amfani da rajistaProtocolHandler() an faɗaɗa. Jerin tsare-tsare sun haɗa da ka'idodin ka'idojin da ba a san su ba, dat, did, dweb, ethereum, hyper, ipfs, ipns da ssb, wanda ke ba ku damar ayyana hanyoyin haɗin kai ga abubuwa ba tare da la’akari da rukunin yanar gizo ko ƙofar da ke ba da damar yin amfani da albarkatu ba.
  • Ƙara goyon baya don tsarin rubutu/html zuwa API ɗin Asynchronous Clipboard don yin kwafi da liƙa HTML ta hanyar allo (ana tsabtace ginin HTML masu haɗari lokacin rubutu da karantawa ga allo). Canjin, alal misali, yana ba ku damar tsara shigarwa da kwafin rubutun da aka tsara tare da hotuna da haɗin kai a cikin masu gyara gidan yanar gizo.
  • WebRTC ya kara da ikon haɗa masu sarrafa bayanan kansa, wanda ake kira a matakan ɓoye ko yankewa na WebRTC MediaStreamTrack. Misali, ana iya amfani da wannan damar don ƙara goyan baya don ɓoyayyen bayanan ƙarshe zuwa ƙarshe na bayanan da aka watsa ta hanyar sabar matsakaici.
    A cikin injin V8 JavaScript, an haɓaka aiwatar da Number.prototype.toString da kashi 75%. Ƙara kayan .suna zuwa azuzuwan asynchronous tare da fankon ƙima. An cire hanyar Atomics.wake, wanda a wani lokaci an sake masa suna zuwa Atomics.notify don biyan ƙayyadaddun ECMA-262. Lambar don kayan aikin gwajin fuzzing JS-Fuzzer a buɗe take.
  • Liftoff baseline compiler for WebAssembly fito a karshe saki ya hada da ikon yin amfani da SIMD vector umarnin don hanzarta lissafi. Yin la'akari da gwaje-gwajen, haɓakawa ya sa ya yiwu a hanzarta wasu gwaje-gwaje da sau 2.8. Wani ingantawa ya sa ya fi sauri don kiran ayyukan JavaScript da aka shigo da su daga Gidan Yanar Gizo.
  • An faɗaɗa kayan aikin masu haɓaka gidan yanar gizo: Kwamitin Media ya ƙara bayani game da 'yan wasan da aka yi amfani da su don kunna bidiyo akan shafin, gami da bayanan taron, rajistan ayyukan, ƙimar dukiya da sigogin yanke hukunci (misali, zaku iya tantance dalilan firam. asara da matsalolin hulɗa daga JavaScript).
  • A cikin mahallin mahallin menu na Elements panel, an ƙara ikon ƙirƙirar hotunan kariyar kwamfuta na abin da aka zaɓa (misali, zaku iya ƙirƙirar hoton allo na teburin abun ciki ko tebur).
  • A cikin na'ura mai ba da hanya tsakanin hanyoyin sadarwa, an maye gurbin kwamitin faɗakarwa na matsala tare da saƙo na yau da kullun, kuma matsaloli tare da Kukis na ɓangare na uku suna ɓoye ta tsohuwa a cikin batutuwan shafin kuma ana kunna su tare da akwati na musamman.
  • A cikin maballin Rendering, an ƙara maɓallin “Karɓaka fonts na gida, wanda ke ba ku damar kwaikwayi rashin haruffan gida, kuma a cikin shafin Sensors yanzu kuna iya kwaikwayi rashin aikin mai amfani (don aikace-aikacen da ke amfani da API ɗin Gano Idle).
  • Ƙungiyar Aikace-aikacen yana ba da cikakkun bayanai game da kowane iframe, taga bude, da kuma buɗaɗɗe, gami da bayani game da keɓewar Asalin Cross ta amfani da COEP da COOP.

An fara maye gurbin aiwatar da ƙa'idar QUIC da sigar da aka haɓaka a cikin ƙayyadaddun IETF, maimakon sigar Google ta QUIC.
Baya ga sabbin abubuwa da gyare-gyaren kwaro, sabon sigar yana kawar da lahani 35. Yawancin raunin da aka gano sakamakon gwajin atomatik ta amfani da AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer da kayan aikin AFL. Lalaci ɗaya (CVE-2020-15967, samun damar samun 'yantacciyar ƙwaƙwalwar ajiya a lamba don hulɗa tare da Biyan Google) ana yiwa alama alama mai mahimmanci, watau. yana ba ku damar ƙetare duk matakan kariya na burauza da aiwatar da lamba akan tsarin a wajen yanayin sandbox. A matsayin wani ɓangare na shirin biyan tukuicin kuɗi don gano lahani ga sakin na yanzu, Google ya biya lambobin yabo 27 da suka kai $71500 (kyautar $15000, lambobin yabo $7500 guda uku, lambobin yabo $5000, lambobin yabo $3000 biyu, lambar yabo $200, da lambobin yabo $500 guda biyu). Har yanzu ba a tantance girman lada 13 ba.

An ɗauko daga Opennet.ru

source: linux.org.ru

Add a comment