Chrome 83 saki

Google gabatar sakin yanar gizo Chrome 83... A lokaci guda akwai barga sakin aikin kyauta chromium, wanda shine tushen Chrome. Chrome browser daban amfani da tambarin Google, kasancewar tsarin aika sanarwa idan wani hatsari ya faru, da ikon zazzage na'urar Flash akan buƙatu, kayayyaki don kunna abun ciki na bidiyo mai kariya (DRM), tsarin shigar da sabuntawa ta atomatik da watsawa yayin bincike. RLZ sigogi. Sakamakon sauye-sauye na masu haɓakawa zuwa aiki daga gida a cikin barkewar cutar sankara ta SARS-CoV-2, an jinkirta sakin Chrome 82. rasa. An shirya sakin Chrome 84 na gaba don 14 ga Yuli.

Main canji в Chrome 83:

• An fara taro hadawa DNS akan yanayin HTTPS (DoH, DNS akan HTTPS) akan tsarin mai amfani waɗanda saitunan tsarin su ke ƙayyadad da masu samar da DNS waɗanda ke goyan bayan DoH (Za a kunna DoH na mai bada DNS iri ɗaya). Misali, idan mai amfani yana da DNS 8.8.8.8 da aka ƙayyade a cikin saitunan tsarin, to sabis ɗin DoH na Google (“https://dns.google.com/dns-query”) za a kunna a cikin Chrome; idan DNS shine 1.1.1.1. XNUMX, sannan sabis na DoH Cloudflare ("https://cloudflare-dns.com/dns-query"), da sauransu. Don kawar da matsaloli tare da warware hanyoyin intranet na kamfani, ba a amfani da DoH lokacin da ake tantance amfani da mai bincike akan tsarin sarrafawa na tsakiya. Hakanan ana kashe DoH lokacin da tsarin kulawar iyaye ke nan.
  Sarrafa kunna DoH da canza mai bada DoH ana aiwatar da shi ta hanyar daidaitaccen mai daidaitawa.
  

• Shawarwari новое sharewa abubuwa siffofin gidan yanar gizo waɗanda aka inganta don amfani akan allon taɓawa da tsarin ga mutanen da ke da nakasa. Microsoft ya inganta ƙirar a matsayin wani ɓangare na haɓaka mai binciken Edge kuma an tura shi zuwa babban tushen lambar Chromium. A baya can, an tsara wasu nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan tsarin aiki ne, wasu kuma an tsara su don dacewa da mafi shaharar salo. Saboda wannan, abubuwa daban-daban sun dace daban-daban don allon taɓawa, tsarin nakasa, da sarrafa madanni. Manufar sake yin aikin shine don haɗa nau'i nau'i nau'i nau'i da kuma kawar da rashin daidaituwa na salon.
  

• An canza fasalin sashin saitunan “Sirri da Tsaro”. kara da cewa sabbin kayan aiki don sarrafa tsaro. Saituna yanzu sun sami sauƙin samu kuma sun sami sauƙin fahimta. An ba da sassa na asali guda huɗu, waɗanda ke ɗauke da kayan aikin da ke da alaƙa da share tarihi, sarrafa Kukis da bayanan rukunin yanar gizo, hanyoyin tsaro da hani ko izini waɗanda ke da alaƙa da takamaiman shafuka. Mai amfani zai iya ba da sauri ba da damar toshe Kukis na ɓangare na uku don yanayin incognito ko duk rukunin yanar gizo, ko toshe duk kukis don takamaiman rukunin yanar gizo. Ana kunna sabon ƙirar kawai akan tsarin wasu masu amfani; wasu na iya kunna saitunan ta hanyar "chrome: // flags/#privacy-settings-redesign".
  

  Saitunan ƙayyadaddun rukunin yanar gizon sun kasu kashi-ƙasa - samun dama ga wuri, kyamara, makirufo, sanarwa da aika bayanan bango. Hakanan akwai sashe mai ƙarin saitunan don toshe JavaScript, hotuna da turawa akan wasu shafuka. Ayyukan mai amfani na ƙarshe da ke da alaƙa da canza izini ana haskakawa daban.

  

• A cikin yanayin incognito, toshe duk Kukis ɗin da wasu rukunin yanar gizo suka saita, gami da hanyoyin sadarwar talla da tsarin nazarin yanar gizo, ana kunna ta tsohuwa. An kuma ba da shawarar faɗaɗa hanyar sadarwa don sarrafa shigar da Kukis akan gidajen yanar gizo. Don sarrafawa, an samar da tutocin "chrome://flags/#improved-cookie-controls" da "chrome://flags/#improved-cookie-controls-for-party-cookie-blocking" Bayan kunna yanayin, sabon gunki yana bayyana a cikin adireshin adireshin; lokacin da aka danna, ana nuna adadin kukis ɗin da aka toshe kuma an ba da zaɓi don musaki tarewa. Kuna iya ganin waɗanne cookies ɗin aka ba da izinin kuma an toshe su don rukunin yanar gizon na yanzu a cikin sashin “Kukis” na menu na mahallin, wanda aka kira ta danna alamar makulli a mashin adireshi, ko a cikin saitunan.
  
  

• Saitunan suna ba da sabon maɓallin "Tsarin Tsaro", wanda ke ba da taƙaitaccen yiwuwar matsalolin tsaro, kamar amfani da kalmomin sirri da aka lalata, matsayi na duba wuraren da ba su da kyau (Browsing mai aminci), kasancewar sabbin abubuwan da ba a shigar da su ba da kuma gano malicious add. -ons.
  

• Manajan kalmar sirri ya kara iyawa cak duk bayanan shiga da kalmomin shiga da aka adana daga ma'ajin bayanan asusun da aka lalata tare da nuna gargadi idan an gano matsalolin (ana yin duba ne bisa duba prefix ɗin hash a gefen mai amfani; kalmomin sirri da kansu da cikakkun hashes ba a watsa su a waje). Ana gudanar da cak ɗin ne a kan bayanan da ke rufe sama da asusun ajiyar kuɗi biliyan 4 waɗanda suka bayyana a cikin bayanan bayanan masu amfani da aka leka. Hakanan ana nuna gargadi lokacin ƙoƙarin amfani da kalmomin sirri marasa mahimmanci kamar "abc123".
  

• Ƙaddamar da Yanayin kariya mai tsawo daga shafuka masu haɗari (Ingantacciyar Browsing mai aminci), wanda ke kunna ƙarin bincike don kare sirrin sirri, ayyukan mugunta da sauran barazana akan gidan yanar gizo. Ana kuma amfani da ƙarin kariya don asusun Google da ayyukan Google (Gmail, Drive, da sauransu). Idan a cikin yanayin Safe Browing na yau da kullun ana yin rajistan shiga cikin gida ta amfani da bayanan bayanan lokaci-lokaci ana loda akan tsarin abokin ciniki, to a cikin Ingantaccen Binciken Bincike game da shafuka da abubuwan zazzagewa a ainihin lokacin ana aika zuwa sabis na Binciken Tsaro na Google don tabbatarwa a gefen Google, wanda zai iya tabbatar da hakan. yana ba ku damar hanzarta amsa barazanar nan da nan bayan an gano su, ba tare da jiran sabunta jerin baƙaƙen gida ba.

  Don hanzarta aiki, yana goyan bayan pre-check akan masu sahihanci, waɗanda suka haɗa da hashes na dubban shahararru, amintattun shafuka. Idan shafin da ake buɗe ba ya cikin jerin fari, mai binciken yana bincika URL ɗin akan uwar garken Google, yana watsa farkon 32 bits na SHA-256 hash na hanyar haɗin yanar gizon, wanda zai yiwu a yanke bayanan sirri. A cewar Google, sabuwar hanyar za ta iya inganta tasirin faɗakarwa don sabbin rukunin yanar gizo na phishing da kashi 30%.

• Maimakon liƙa gumakan ƙara kai tsaye kusa da sandar adireshi, an aiwatar da sabon menu, wanda gunkin wasa ya nuna, wanda ke jera duk abubuwan da ake samu da kuma ikonsu. Bayan shigar da ƙari, mai amfani dole ne a yanzu ya ba da damar ƙarar gunkin da za a liƙa a kan panel, yayin da yake kimanta izinin da aka ba wa add-on a lokaci guda. Don tabbatar da cewa ƙari bai ɓace ba, nan da nan bayan shigarwa ana nuna alamar tare da bayani game da sabon ƙarawa. An kunna sabon menu ta tsohuwa don takamaiman adadin masu amfani, wasu na iya kunna ta ta amfani da saitin "chrome://flags/#extensions-toolbar-menu".
  

• An ƙara saitin "chrome://flags/#omnibox-context-menu-show-full-urls", idan an kunna shi, abin "Kullum yana nuna cikakken URL" yana bayyana a cikin mahallin menu na adireshin, yana hana murdiya URL. Mu tuna cewa a cikin Chrome 76 an fassara sandar adireshin ta tsohuwa don nuna hanyoyin haɗin yanar gizo ba tare da "https://", "http://" da "www." Akwai saitin da za a kashe wannan hali, amma a cikin Chrome 79 an cire shi kuma masu amfani sun rasa ikon nuna cikakken URL a cikin adireshin adireshin.
  

• Ga duk masu amfani, aikin haɗa shafin ("chrome://flags/#tab-groups") an kunna, wanda ke ba ku damar haɗa shafuka da yawa tare da dalilai iri ɗaya zuwa ƙungiyoyin da aka ware. Ana iya sanya kowace ƙungiya launi da sunanta. Bugu da ƙari, an ba da shawarar zaɓin gwaji don rugujewa da faɗaɗa ƙungiyoyi, wanda har yanzu bai yi aiki akan duk tsarin ba. Misali, labarai da yawa da ba a karanta ba za su iya rugujewa na ɗan lokaci, suna barin tambari kawai don kada su ɗauki sarari lokacin kewayawa, kuma su koma wurin su lokacin da suke komawa karatu. Don kunna yanayin, saitin da aka ba da shawarar shine "chrome://flags/#tab-groups-collapse".
  

• Ana kunna faɗakarwa ta tsohuwa lokacin ƙoƙarin yin hakan boot mara lafiya (ba tare da boye-boye ba) fayilolin aiwatarwa ta hanyar hanyoyin haɗin yanar gizo daga shafukan HTTPS (a cikin Chrome 84, za a toshe abubuwan zazzagewar fayilolin da za a iya aiwatarwa, kuma za a fara ba da gargaɗi don adana kayan tarihin). An lura cewa zazzage fayiloli ba tare da ɓoyewa ba za a iya amfani da su don aikata munanan ayyuka ta hanyar sauya abun ciki yayin harin MITM. Hakanan haramun ne zazzagewar fayil ɗin da aka fara daga keɓantattun tubalan iframe.
• Lokacin kunna Adobe Flash, an ƙara saƙon gargadi wanda ke nuna cewa tallafin wannan fasaha zai ƙare a watan Disamba 2020.
• An aiwatar da fasaha Amintattun iri, wanda ke ba ka damar toshe magudin DOM wanda ke haifar da rubutun giciye (DOM XSS), misali, lokacin da ba daidai ba sarrafa bayanan da aka karɓa daga mai amfani a cikin eval () blocks ko abubuwan sakawa na ".innerHTML", wanda zai iya haifar da lambar JavaScript. kashe a cikin mahallin wani takamaiman shafi. Amintattun nau'ikan suna buƙatar aiwatar da bayanai kafin a tura su zuwa ayyuka masu haɗari. Misali, lokacin da aka kunna Amintattun nau'ikan, yin "anElement.innerHTML = location.href" zai haifar da kuskure kuma yana buƙatar amfani da abubuwan TrustedHTML na musamman ko TrustedScript lokacin sanyawa. Ana yin ba da damar Amintattun Nau'o'in ta amfani da CSP (Manufofin-Tsaro-Tsaro-Tsaro).
• Kara sabon Manufofin Cross-Origin-Embedder-Cross-Origin-Opener-Policy HTTP headers don ba da damar keɓancewar asalin tushen asali na musamman don amintaccen amfani akan shafi na ayyuka masu gata kamar SharedArrayBuffer, Performance.measureMemory() da APIs masu bayyanawa waɗanda zasu iya zama da ake amfani da su wajen kai hare-haren tashoshi na gefe kamar su Specter. Yanayin keɓewa na asali kuma baya ƙyale ka canza dukiya.domain.
• An gabatar da sabon aiwatar da tsarin don duba damar samun albarkatu akan hanyar sadarwa - OOR-CORS (Bayyana Albarkatun Giciye-Origin-Asali). Tsohuwar aiwatarwa na iya bincika ainihin abubuwan injin Blink, XHR da Fetch API, amma bai rufe buƙatun HTTP da aka yi daga wasu na'urori na ciki ba. Sabon aiwatarwa yana magance wannan matsala.
• An ƙara sabbin APIs da yawa zuwa Yanayin Gwaji na Asalin (fasali na gwaji waɗanda ke buƙatar kunnawa daban). Gwajin Asalin yana nuna ikon yin aiki tare da ƙayyadaddun API daga aikace-aikacen da aka zazzage daga localhost ko 127.0.0.1, ko bayan yin rijista da karɓar wata alama ta musamman wacce ke aiki na ƙayyadadden lokaci don takamaiman rukunin yanar gizo.
  • API Tsarin Fayil na Asalin, wanda ke ba ka damar ƙirƙirar aikace-aikacen yanar gizo waɗanda ke hulɗa da fayiloli a cikin tsarin fayil na gida. Misali, sabuwar API ɗin na iya kasancewa cikin buƙata a cikin mahallin ci gaba na tushen burauza, rubutu, hoto da masu gyara bidiyo. Don samun damar rubutu da karanta fayiloli kai tsaye, yi amfani da maganganu don buɗewa da adana fayiloli, da kuma kewaya cikin abubuwan da ke cikin kundayen adireshi, aikace-aikacen yana tambayar mai amfani don tabbatarwa na musamman;
  • Hanyar Performance.measureMemory() don kimanta yawan amfanin ƙwaƙwalwar ajiya lokacin sarrafa aikace-aikacen gidan yanar gizo ko shafin yanar gizon. Ana iya amfani da shi don tantancewa da haɓaka yawan ƙwaƙwalwar ajiya a cikin aikace-aikacen yanar gizo, da kuma gano haɓakar haɓakar ƙwaƙwalwar ajiya.
  • Hanyar Jadawalin da aka ba da fifiko.postTask() don tsara ayyuka (kira javaScript) tare da matakan fifiko daban-daban (yana toshe aikin mai amfani, yana haifar da canje-canje na bayyane da aikin bango). Kuna iya amfani da abin TaskController don canza fifiko da soke ayyuka.
  • API WebRTC Rafukan da za a iya sakawa, ƙyale aikace-aikace don ƙirƙirar nasu masu sarrafa bayanan da aka yi amfani da su lokacin ɓoyewa da yankewa WebRTC MediaStreamTrack. Misali, ana iya amfani da API ɗin don samar da ɓoyayyen ɓoyayyiyar rafukan da ake watsawa ta hanyar sabar wucewa.
• API ɗin da aka ƙara Gano Barcode don ganowa da yanke lambar lambar a cikin takamaiman hoto. API ɗin yana aiki ne kawai akan na'urorin Android tare da shigar da Ayyukan Google Play.
• Ƙara meta tag tsarin launi, ƙyale rukunin yanar gizon ya ba da cikakken goyon baya ga jigon duhu ba tare da amfani da canje-canje na CSS ba.
• An ƙara ikon amfani da kayan aikin JavaScript a ciki raba ma'aikaci.
• IndexedDB IDBDatabase.transaction() sabuwar hujja ta kara da cewa
  "Durability", wanda ke ba ka damar sarrafa sake saitin bayanai zuwa drive. Ta hanyar wucewa darajar "annatawa" maimakon yanayin "tsattsauran ra'ayi", za ku iya sadaukar da aminci don yin aiki (a da Chrome yana zubar da bayanai zuwa faifai bayan rubuta kowace ma'amala).

• Added @Goyan bayan aikin zuwa mai zaɓi() don ba ka damar gano gaban masu zaɓin CSS (misali, za ka iya fara duba samuwar mai zaɓe kafin ka ɗaure masa salon CSS).

  @mai zaɓin goyon baya(:: a da) {
  div {baya: kore};
  }

• A cikin Intl.DateTimeFormat kara da cewa juzu'iSecondDigits dukiya don saita tsarin nunin juzu'i na sakanni.
• Injin V8 hanzarta bin diddigin ArrayBuffer a cikin mai tara shara. Ana ba da izinin samfuran WebAssembly su nemi har zuwa 4 GB na ƙwaƙwalwar ajiya.
• Kara sababbin kayan aiki don masu haɓaka gidan yanar gizo. Misali, wani yanayi ya bayyana don yin koyi da fahimtar shafi ta mutanen da ke da ƙarancin gani da nau'ikan makanta iri-iri. Hakanan an ƙara yanayin kwaikwayi canje-canje na gida, canzawa wanda ke shafar API Intl.*, *.prototype.toLocaleString, navigator.language, Karɓa-Harshe, da sauransu.
  

  COEP (Cross-Origin Embedder Policy) debugger an ƙara zuwa cibiyar duba ayyukan cibiyar sadarwa, yana ba ku damar kimanta dalilan toshe lodin wasu albarkatu akan hanyar sadarwar. An ƙara kalmar kalmar kuki-hanyar don tace buƙatun da ke ɗaure kuki zuwa takamaiman hanya.

  

  An ƙara yanayin maƙalli don kayan aikin haɓakawa a gefen hagu na allon.
  

  

  An sake fasalin hanyar sadarwa don bin diddigin lambar JavaScript mai tsawo.
  

  

• Sakamakon COVID-19, an jinkirta wasu canje-canjen da aka tsara. Misali, shafewa code don aiki tare da FTP sake tsarawa har abada. Haɗawa goyon bayan TLS 1.0/1.1 ladabi jinkirta kafin a saki Chrome 84. Na farko
  goyan baya ga mai gano alamomin Abokin ciniki (madadin zuwa Wakilin Mai amfani) shima jinkirta har zuwa Chrome 84. Yi aiki a kan Haɗin kai-Agent mai amfani dage shi zuwa shekara mai zuwa.

Baya ga sabbin abubuwa da gyare-gyaren kwaro, sabon sigar yana kawar da shi 38 rauni. An gano yawancin raunin da aka samu a sakamakon kayan aikin gwaji na atomatik Adireshin Sanitizer, Mai Sanitizer, Gudanar da Mutuncin Ruwa, LibFuzzer и AFL. Ba a gano wasu matsaloli masu mahimmanci waɗanda za su ba mutum damar ƙetare duk matakan kariya na burauza da aiwatar da lamba akan tsarin a wajen yanayin sandbox. A matsayin wani ɓangare na shirin bayar da ladan kuɗi don gano lahani ga sakin na yanzu, Google ya biya lambobin yabo 28 da suka kai dalar Amurka dubu 76 (kyautar $20000 ɗaya, lambar yabo ta $10000, lambobin yabo $7500 guda biyu, lambobin yabo $5000, lambobin yabo $3000 guda biyu, lambobin yabo $2000 $1000, kyautuka $500 $7, kyautuka $XNUMX $ biyu da kuma kyaututtuka $XNUMX takwas). Har yanzu ba a tantance girman lada guda XNUMX ba.

source: budenet.ru