🥇 Chrome 79 saki

Google gabatar sakin yanar gizo Chrome 79... A lokaci guda akwai barga sakin aikin kyauta chromium, wanda shine tushen Chrome. Chrome browser daban amfani da tambarin Google, kasancewar tsarin aika sanarwa idan wani hatsari ya faru, da ikon zazzage na'urar Flash akan buƙatu, kayayyaki don kunna abun ciki na bidiyo mai kariya (DRM), tsarin shigar da sabuntawa ta atomatik da watsawa yayin bincike. RLZ sigogi. An shirya sakin Chrome 80 na gaba don 4 ga Fabrairu.

Main canji в Chrome 79:

kunnawa Bangaren Duba kalmar sirri, wanda aka ƙera don tantance ƙarfin kalmomin shiga da mai amfani ke amfani da shi. Lokacin ƙoƙarin shiga kowane rukunin yanar gizon Binciken Kalmar wucewa cika duba shiga da kalmar sirri a kan bayanan bayanan asusun da ba su dace ba tare da gargadi idan an gano matsaloli (ana yin dubawa bisa maƙasudin hash a gefen mai amfani). Ana gudanar da cak ɗin ne a kan bayanan da ke rufe sama da asusun ajiyar kuɗi biliyan 4 waɗanda suka bayyana a cikin bayanan bayanan masu amfani da aka leka. Hakanan ana nuna gargadi lokacin ƙoƙarin amfani da kalmomin sirri marasa mahimmanci kamar "abc123". Don sarrafa haɗa da Binciken Kalmar wucewa, an aiwatar da saiti na musamman a cikin sashin "Aiki tare da Sabis na Google".
An gabatar da sabuwar fasaha don gano phishing a ainihin lokacin. A baya can, an yi tabbatuwa ta hanyar samun damar shiga cikin jerin baƙaƙen Safe Browsing, waɗanda aka sabunta kusan sau ɗaya kowane minti 30, waɗanda ba su isa ba, alal misali, cikin yanayin sauyawar yanki akai-akai daga maharan. Sabuwar hanyar tana ba ku damar bincika URLs akan tashi tare da bincike na farko akan masu sahihanci waɗanda suka haɗa da hashes na dubban shahararrun rukunin yanar gizo waɗanda amintattu ne. Idan shafin da ake buɗe ba ya cikin jerin fari, mai binciken yana bincika URL ɗin akan uwar garken Google, yana watsa farkon 32 bits na SHA-256 hash na hanyar haɗin yanar gizon, wanda zai yiwu a yanke bayanan sirri. A cewar Google, sabuwar hanyar za ta iya inganta tasirin faɗakarwa don sabbin rukunin yanar gizo na phishing da kashi 30%.
An ƙara kariya mai ƙarfi daga canja wurin takaddun shaida na Google da duk wasu kalmomin shiga da aka adana a cikin mai sarrafa kalmar sirri ta shafukan phishing. Idan kayi ƙoƙarin shigar da kalmar sirri da aka adana akan rukunin yanar gizon da ba a saba amfani da kalmar wucewa ba, za a gargaɗe mai amfani game da wani abu mai hatsarin gaske.
Haɗin kai ta amfani da TLS 1.0 da 1.1 yanzu suna nuna alamar haɗi mara tsaro. Cikakken goyan bayan TLS 1.0 da 1.1 za a kashe a cikin Chrome 81, wanda aka shirya don Maris 17, 2020.
Ƙara ikon daskare shafuka marasa aiki, yana ba ku damar saukewa ta atomatik daga shafukan ƙwaƙwalwar ajiya waɗanda ke bayan sama da mintuna 5 kuma ba sa aiwatar da ayyuka masu mahimmanci. An yanke shawara game da dacewa da wani shafi na musamman don daskarewa bisa la'akari da heuristics. Ana sarrafa kunna aikin ta hanyar "chrome://flags/#proactive-tab-freeze" flag.
Amintacce Toshe gauraye abun ciki akan shafukan da aka buɗe akan HTTPS don tabbatar da cewa shafukan da aka buɗe akan https:// sun ƙunshi albarkatun da aka ɗora akan amintaccen tashar sadarwa. Ko da yake an riga an toshe mafi hatsarin nau'ikan gauraye abun ciki, kamar rubutun da iframes, hotuna, fayilolin mai jiwuwa da bidiyoyi ana iya sauke su ta hanyar http://. Alamar abun ciki mai gauraya da aka yi amfani da ita a baya don irin waɗannan abubuwan da aka shigar an gano ba ta da tasiri da yaudara ga mai amfani, tun da ba ta samar da ƙima mai ma'ana game da amincin shafin ba. Misali, ta hanyar batsa hoto, maharin na iya musanya Kukis masu bin diddigin mai amfani, ko ƙoƙarin yin amfani da lahani a cikin na'urorin sarrafa hoto, ko yin jabu ta hanyar maye gurbin bayanan da aka bayar a hoton. Don musaki kulle abubuwan da aka gauraya, an ƙara saiti na musamman, wanda za'a iya shiga ta menu wanda ke bayyana lokacin da ka danna alamar kulle.
Ƙara ikon gwaji don raba abun ciki na allo tsakanin tebur da nau'ikan Chrome na wayar hannu. A cikin misalin Chrome da ke da alaƙa da asusu ɗaya, yanzu zaku iya samun damar abubuwan da ke cikin allo na wata na'ura, gami da raba allo tsakanin tsarin wayar hannu da tebur. Abubuwan da ke cikin faifan allo an ɓoye su ta amfani da ɓoye-ɓoye na ƙarshe-zuwa-ƙarshe, wanda ke hana samun damar yin amfani da rubutu akan sabar Google. Ana kunna aikin ta hanyar chrome://flags#shared-clipboard-receiver,chrome://flags#shared-clipboard-ui da chrome://flags#sync-clipboard-service.
A cikin adireshin adireshin a wasu lokuta (misali, lokacin adana kalmar sirri) lokacin da aka kashe aiki tare na bayanan martaba, ban da avatar, ana nuna sunan asusun Google na yanzu don mai amfani ya iya tantance asusun da ke aiki daidai.
Kunna don 1% na masu amfani goyon baya "DNS akan HTTPS" (DoH, DNS akan HTTPS). Gwajin ya ƙunshi masu amfani kawai waɗanda saitunan tsarin su sun riga sun ƙayyadaddun masu samar da DNS waɗanda ke goyan bayan DoH. Misali, idan mai amfani yana da DNS 8.8.8.8 da aka ƙayyade a cikin saitunan tsarin, to sabis ɗin DoH na Google (“https://dns.google.com/dns-query”) za a kunna a cikin Chrome; idan DNS shine 1.1.1.1. XNUMX, sannan sabis na DoH Cloudflare ("https://cloudflare-dns.com/dns-query"), da sauransu. Don sarrafa ko an kunna DoH, an samar da saitin "chrome://flags/#dns-over-https". Ana tallafawa hanyoyin aiki guda uku: amintacce, atomatik da kashewa. A cikin yanayin “amintaccen”, ana ƙididdige runduna ne kawai bisa amintattun ƙimar da aka adana a baya (wanda aka karɓa ta hanyar amintaccen haɗi) da buƙatun ta hanyar DoH; ba a amfani da koma baya ga DNS na yau da kullun. A cikin yanayin "atomatik", idan babu DoH da amintaccen cache, za'a iya dawo da bayanai daga ma'ajin mara tsaro da samun dama ta hanyar DNS na gargajiya. A cikin yanayin "kashe", an fara bincika cache ɗin da aka raba kuma idan babu bayanai, ana aika buƙatar ta hanyar tsarin DNS.
Ƙara gwaji goyon baya caching na abun ciki da aka yi lokacin canza shafuka ta amfani da maɓallan gaba da baya, wanda zai iya rage jinkiri sosai yayin wannan nau'in kewayawa saboda cikakken caching na duka shafin, wanda baya buƙatar sake fasalin da loda kayan aiki. Ana iya lura da haɓakawa musamman a cikin sigar don na'urorin hannu, inda haɓaka aikin yayin kewayawa ya kai 19%. An kunna yanayin ta amfani da zaɓin "chrome://flags#back-forward-cache".
An share saita "chrome: // flags/#omnibox-ui-hide-steady-state-url-scheme-and-subdomains", wanda ya ba da damar dawo da nunin yarjejeniya a mashigin adireshin (yanzu duk hanyoyin haɗin suna koyaushe ana nuna su ba tare da https ba. : // da http://, da kuma ba tare da "www.").
Gina don Windows sun haɗa da sandboxing na sabis na sake kunna sauti. Don sarrafa ko an kunna keɓewa, ana ba da shawarar kadarar AudioSandboxEnabled.
Kayan aikin gudanarwa na tsakiya don kamfanoni sun haɗa da ikon ayyana ƙa'idodi waɗanda ke sarrafa adadin ƙwaƙwalwar ajiyar misalin mai bincike zai iya cinyewa kafin a sauke bayanan bayanan. Ƙwaƙwalwar ajiyar da aka saki bayan zazzage shafin yana samuwa don amfani, kuma ana sake loda abubuwan da ke cikin shafin lokacin canzawa zuwa gare ta.
Linux yana amfani da ginanniyar injin tabbatar da takaddun shaida, wanda ke maye gurbin tsarin NSS da aka yi amfani da shi a baya. A wannan yanayin, ginannen na'ura mai sarrafawa yana ci gaba da yin amfani da kantin NSS yayin tabbatarwa, amma yana ɗora ƙarin buƙatu masu tsauri lokacin aiki da ɓoyayyen ɓoye da takaddun takaddun shaida daban (duk takaddun shaida dole ne a sami bokan ta ikon takaddun shaida).
A cikin sigar dandamali na Android kara da cewa ikon sanya gumaka masu daidaitawa don shigar da aikace-aikacen gidan yanar gizon da ke gudana a cikin yanayin Ayyukan Yanar Gizon Ci gaba (PWA). Gumakan daidaitawa na iya daidaitawa da keɓancewar keɓancewar da mai kera na'urar ke amfani da shi, misali, kasancewa zagaye, murabba'i, ko tare da santsi.
Kara API Na'urar WebXR, wanda ke ba da damar yin amfani da abubuwan haɗin gwiwa don ƙirƙirar gaskiya da haɓaka gaskiya. API ɗin yana ba ku damar haɗa aiki tare da nau'ikan na'urori daban-daban, daga na'urorin kai tsaye na gaskiya kamar Oculus Rift, HTC Vive da Windows Mixed Reality, zuwa mafita dangane da na'urorin hannu kamar Google Daydream View da Samsung Gear VR. Aikace-aikacen da sabon API ɗin zai iya amfani da su sun haɗa da shirye-shirye don kallon bidiyo a cikin yanayin 360 °, tsarin don ganin sararin samaniya mai girma uku, ƙirƙirar cinemas mai kama-da-wane don gabatar da bidiyo, gudanar da gwaje-gwaje akan ƙirƙirar hanyoyin 3D don shaguna da ɗakunan ajiya;
A Yanayin Gwaji na Asali (fasalolin gwaji waɗanda ke buƙatar keɓancewa kunnawa) an gabatar da sabbin APIs da yawa. Gwajin Asalin yana nuna ikon yin aiki tare da ƙayyadaddun API daga aikace-aikacen da aka zazzage daga localhost ko 127.0.0.1, ko bayan yin rijista da karɓar wata alama ta musamman wacce ke aiki na ƙayyadadden lokaci don takamaiman rukunin yanar gizo.
- Ga duk abubuwan HTML, ana ba da shawarar sifa ta "rendersubtree", wanda ke tabbatar da cewa an gyara nunin ɓangaren DOM. Saita sifa zuwa "marasa-ganuwa" zai hana abubuwan da ke cikin abun ciki daga yin ko duba su, ba da damar ingantaccen nunawa. Lokacin da aka saita zuwa "aikin kunnawa", mai binciken zai cire sifa marar ganuwa, sanya abun ciki kuma ya bayyana shi.
- Ƙara zaɓin API Kulle farkawa dangane da tsarin Alkawari, wanda ke ba da ingantacciyar hanya don sarrafa nakasawar allon kulle-kulle da canza na'urori zuwa hanyoyin adana wutar lantarki.
An aiwatar da ikon yin amfani da sifa auto mayar da hankali don duk abubuwan HTML da SVG waɗanda zasu iya samun mayar da hankali ga shigarwa.
Don hotuna da bidiyo amintattu Yi ƙididdige ma'aunin al'amari dangane da Halayen Nisa ko Tsawo, waɗanda za a iya amfani da su don tantance girman hoton ta amfani da CSS a matakin da hoton bai riga ya loda ba (yana magance matsalar sake gina shafin bayan an ɗora hotuna).
Ƙara kayan CSS font-na gani-sizing, wanda ke saita girman font ɗin ta atomatik a cikin daidaitawar gani"opsz", idan font ya goyi bayan su. Yanayin yana ba ku damar zaɓar mafi kyawun siffar glyph don ƙayyadadden girman, alal misali, yi amfani da ƙarin bambance-bambancen glyphs don kanun labarai.
Ƙara kayan CSS nau'in lissafin-style, wanda ke ba ka damar amfani da kowane alamomi maimakon lokaci a cikin jeri, misali, "-", "+", "★" da "▸".
Idan ba zai yiwu ba don aiwatar da Worklet.addModule (), an dawo da wani abu a yanzu tare da cikakkun bayanai game da yanayin kuskuren, wanda ke ba ka damar tantance ainihin dalilin kuskuren (matsaloli tare da haɗin cibiyar sadarwa, kuskuren rubutu, da dai sauransu). .).
An dakatar da sarrafa abubuwa при их перемещении между документами. При переносе между документами также отключено выполнение связанных со скриптом событий «error» и «load».
A cikin injin JavaScript V8 za'ayi Haɓaka sauye-sauyen sarrafawa ga wakilcin filayen cikin abubuwa, yana haifar da aiwatar da lambar AngularJS a cikin ɗakin gwajin Speedometer yana gudana da sauri 4%.
V8 kuma yana inganta sarrafa abubuwan da aka ayyana a cikin APIs da aka gina, kamar Node.nodeType da Node.nodeName, in babu mai sarrafa IC (caching na layi). Canjin ya rage lokacin da ake kashewa akan lokacin aikin IC da kusan 12% lokacin gudanar da gwajin Backbone da jQuery daga ɗakin Speedometer.
Sakamakon tsarin OSR (wanda ake kira maye gurbin-tari) yana ɓoye, wanda ke maye gurbin ingantaccen lambar yayin aiwatar da aiki (ba ka damar fara amfani da ingantaccen lambar don ayyuka masu tsayi ba tare da jiran su sake gudu ba). Caching OSR yana ba da damar yin amfani da sakamakon ingantawa yayin sake gudanar da aikin, ba tare da buƙatar sake ingantawa ba.
A wasu gwaje-gwajen, canjin ya ƙaru da 5-18%.
Canje-canje na kayan aikin don masu haɓaka gidan yanar gizo:
- A cikin toshe tare da jerin kukis, ikon duba ƙimar kuki ɗin da aka zaɓa da sauri an ƙara ta danna kan takamaiman layi.
- An ƙara ikon yin kwatancen saituna daban-daban don tsarin fi son-launi kuma ya fi son-rage-rage-motsi tambayoyin kafofin watsa labarai (misali, don gwada halayen shafin tare da jigon tsarin duhu ko tare da tasirin rayayye).
- An sabunta ƙirar shafin Rufewa, yana ba ku damar kimanta lambar da aka yi amfani da ita kuma ba a yi amfani da ita ba. An ƙara ikon tace bayanai ta nau'in sa (JavaScript, CSS). Hakanan ana ƙara bayanin amfani da lamba lokacin nuna rubutun tushe.
- Ƙara ikon yin kuskuren dalilan neman takamaiman hanyar sadarwa bayan yin rikodin ayyukan cibiyar sadarwa (zaku iya duba alamar kiran lambar JavaScript wanda ya haifar da loda albarkatun).
- An ƙara saitin "Saituna> Zaɓuɓɓuka> Maɓuɓɓuka> Tsohuwar Indentation" don tantance nau'in shigarwa (farufi 2/4/8 ko shafuka) a cikin lambar da aka nuna a cikin Console da Panels Sources.

Baya ga sabbin abubuwa da gyare-gyaren kwaro, sabon sigar tana kawar da lahani 51. Yawancin raunin da aka gano sakamakon gwajin atomatik ta amfani da AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer da kayan aikin AFL. Batutuwa guda biyu (CVE-2019-13725, samun dama ga ƙwaƙwalwar ajiya da aka rigaya a cikin lambar don tallafin Bluetooth, da CVE-2019-13726, tsibi mai yawa a cikin mai sarrafa kalmar sirri) ana yiwa alama da mahimmanci, watau. ba ka damar ƙetare duk matakan kariya na burauza da aiwatar da lamba akan tsarin a wajen yanayin sandbox. Wannan shine karo na farko da aka gano matsaloli biyu masu mahimmanci a cikin tsarin ci gaba iri ɗaya a cikin Chrome. Masu bincike daga Lab Tsaro na Tencent Keen da nuna a gasar cin kofin Tianfu, kuma na biyu Sergei Glazunov ya samo shi daga Google Project Zero.

A matsayin wani ɓangare na shirin bayar da ladan kuɗi don gano lahani ga sakin na yanzu, Google ya biya lambobin yabo 37 da suka kai $80000 (kyautar $20000 ɗaya, lambar yabo ta $10000, lambobin yabo $7500 guda biyu, lambobin yabo $5000, lambar yabo $3000 ɗaya, lambar yabo $2000 guda biyu, lambar yabo $1000 guda biyu. $500 kyauta). Har yanzu ba a tantance girman lada 15 ba.

source: budenet.ru

Chrome 79 saki

Add a comment Отменить ответ