Google proposes blocking downloads of certain files over HTTP via links from HTTPS pages

Google has proposed that browser developers introduce blocking of dangerous file types when the page linking to the download is opened over HTTPS but the download is initiated without encryption over HTTP.

The problem is that there is no security indicator during a download; the file simply downloads in the background. When such a download is started from a page opened over HTTP, the user has already been warned in the address bar that the site is not secure. But if the site is opened over HTTPS, the address bar shows a secure-connection indicator, and the user may get the false impression that a download carried out over HTTP is secure, while the content can be replaced as a result of malicious activity.

It is proposed to block files with the extensions exe, dmg, crx (Chrome extensions), zip, gzip, rar, tar, bzip and other popular archive formats that are considered especially risky and are commonly used to distribute malware. Google plans to add the proposed blocking only to the desktop version of Chrome, since Chrome for Android already blocks downloads of APK packages through Safe Browsing.
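A site owner can check their own pages against the condition described above (HTTPS page, HTTP download link, listed extension). The following is an added example, not code from Google or Chrome; the function names and the example.com links are assumptions made for illustration.

```javascript
// Extensions named in the article (it also says "other popular archive formats";
// only the ones it lists are included here).
const RISKY_EXTENSIONS = ["exe", "dmg", "crx", "zip", "gzip", "rar", "tar", "bzip"];

// Returns the lowercase extension of the last path segment, or "" if there is none.
function fileExtension(url) {
  const name = url.pathname.split("/").pop();
  const dot = name.lastIndexOf(".");
  return dot > 0 ? name.slice(dot + 1).toLowerCase() : "";
}

// pageUrl: URL of the page holding the links; hrefs: link targets as written in the page.
// Returns the resolved URLs that match the blocking condition from the proposal.
function findInsecureDownloads(pageUrl, hrefs) {
  const page = new URL(pageUrl);
  // Pages opened over HTTP already carry a "not secure" warning in the address bar.
  if (page.protocol !== "https:") return [];
  const flagged = [];
  for (const href of hrefs) {
    let target;
    try {
      target = new URL(href, page); // resolves relative and protocol-relative links
    } catch {
      continue; // unparseable href, nothing to check
    }
    if (target.protocol === "http:" && RISKY_EXTENSIONS.includes(fileExtension(target))) {
      flagged.push(target.href);
    }
  }
  return flagged;
}

// Constructed sample input (all hosts are placeholders).
const sampleLinks = [
  "http://downloads.example.com/setup.EXE",   // flagged: HTTP + exe (case-insensitive)
  "https://downloads.example.com/setup.exe",  // not flagged: HTTPS
  "/files/tool.zip",                          // not flagged: relative, inherits HTTPS
  "//cdn.example.com/pkg.tar",                // not flagged: protocol-relative, inherits HTTPS
  "http://downloads.example.com/readme.txt",  // not flagged: type not in the list
  "http://downloads.example.com/app.dmg?v=2", // flagged: query string does not hide the type
];
console.log(findInsecureDownloads("https://www.example.com/get", sampleLinks));
```

The check looks only at the link as written in the page; it does not follow redirects, so an HTTPS link that redirects to HTTP needs a separate check.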

Mozilla representatives were interested in the proposal and expressed their willingness to move in this direction, but suggested collecting more detailed statistics on the possible negative impact on existing download systems. For example, some companies serve insecure downloads from secure pages, but the threat of compromise is eliminated by digitally signing the files.

source: budenet.ru