Google sakin yanar gizo ... A lokaci guda barga sakin aikin kyauta , wanda shine tushen Chrome. Chrome browser amfani da tambarin Google, kasancewar tsarin aika sanarwa idan wani hatsari ya faru, da ikon zazzage na'urar Flash akan buƙatu, kayayyaki don kunna abun ciki na bidiyo mai kariya (DRM), tsarin shigar da sabuntawa ta atomatik da watsawa yayin bincike. . An shirya sakin Chrome 87 na gaba a ranar 17 ga Nuwamba.
:
- Ƙara kariya daga rashin aminci na ƙaddamar da fom ɗin shigarwa akan shafukan da aka ɗora ta hanyar HTTPS amma aika bayanai ta HTTP, wanda ke haifar da barazanar kutsewar bayanai da ɓarna yayin hare-haren MITM. Kariya yana zuwa ga canje-canje uku:
- An kashe cikar kowane nau'in shigarwar da aka gauraya ta atomatik, kama da yadda aka kashe cikar auto-cike na takaddun shaida akan shafukan da aka buɗe ta hanyar HTTP na ɗan lokaci kaɗan. Idan a baya alamar kashewa tana buɗe shafi tare da fom ta HTTPS ko HTTP, yanzu ana la'akari da amfani da ɓoyewa yayin aika bayanai zuwa ga mai sarrafa fom. Ba a kashe mai sarrafa kalmar sirri don gaurayawan nau'ikan tantancewa ba, tunda haɗarin amfani da kalmar sirri mara tsaro da sake amfani da kalmomin shiga a shafuka daban-daban ya zarce haɗarin yuwuwar kutsewar hanya.
- Lokacin da aka fara shigar da nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan nau'ikan da za a fara shigarwa ana nuna gargaɗin da ke sanar da mai amfani cewa ana aika bayanan da aka kammala ta hanyar hanyar sadarwar da ba ta ɓoye ba.
- Lokacin da kuke ƙoƙarin ƙaddamar da fom ɗin da aka gauraya, ana nuna wani shafi na daban wanda ke sanar da ku yuwuwar haɗarin watsa bayanai akan tashar sadarwar da ba ta ɓoye ba. A cikin sigar da ta gabata, an yi amfani da alamar makulli a mashin adireshi don nuna gauraye nau'i, amma wannan alamar ba ta fito fili ga masu amfani ba kuma baya nuna yadda haɗarin ke tattare da shi.
- Toshewa (ba tare da boye-boye) na fayilolin da za a iya aiwatarwa ana ƙara su ta hanyar toshe ɓoyayyun abubuwan da ba su da tsaro (zip, iso, da sauransu) da kuma nuna gargaɗi don saukarwa mara inganci.
takardun (docx, pdf, da dai sauransu). Ana sa ran toshe daftarin aiki da gargadi don hotuna, rubutu, da fayilolin mai jarida a cikin saki na gaba. Ana aiwatar da toshewar saboda ana iya amfani da zazzage fayiloli ba tare da ɓoyewa ba don yin munanan ayyuka ta maye gurbin abun ciki yayin harin MITM. - Menu na mahallin tsoho yana nuna zaɓin "Koyaushe nuna cikakken URL", wanda a baya yana buƙatar canza saitunan akan shafin game da: flags don kunnawa. Hakanan za'a iya duba cikakken URL ta danna sau biyu akan mashin adireshi. Bari mu tuna cewa farawa daga Ta hanyar tsoho, adireshin ya fara nunawa ba tare da yarjejeniya ba da www. IN An cire saitin dawo da tsohon hali, amma bayan rashin gamsuwa da mai amfani da shi An ƙara sabon tutar gwaji wanda ke ƙara zaɓi zuwa menu na mahallin don kashe ɓoyewa da nuna cikakken URL a kowane yanayi.
- An ƙaddamar don ƙaramin kashi na masu amfani a kan Ta hanyar tsoho, sandar adireshin ya ƙunshi yanki kawai, ba tare da abubuwan hanya da sigogin tambaya ba. Misali, maimakon "https://example.com/secure-google-sign-in/" zai nuna "example.com". Ana sa ran za a kawo yanayin da aka tsara ga duk masu amfani a cikin ɗayan fitowar ta gaba. Don musaki wannan ɗabi'a, zaku iya amfani da zaɓin "Ku nuna cikakken URL koyaushe", kuma don duba URL gaba ɗaya, kuna iya danna mashigin adireshin. Dalilin canjin shine sha'awar kare masu amfani daga phishing wanda ke sarrafa sigogi a cikin URL - maharan suna amfani da rashin kulawar masu amfani don ƙirƙirar bayyanar buɗe wani rukunin yanar gizon da aikata ayyukan zamba (idan irin waɗannan canje-canje a bayyane suke ga mai amfani da fasaha. , sannan mutanen da ba su da kwarewa cikin sauƙi sun faɗi don irin wannan magudi mai sauƙi).
- Ci gaba don cire tallafin FTP. A cikin Chrome 86, FTP an kashe ta tsohuwa don kusan 1% na masu amfani, kuma a cikin Chrome 87 za a ƙara iyakar nakasa zuwa 50%, amma ana iya dawo da tallafi ta amfani da "-enable-ftp" ko "- -enable-features=FtpProtocol" tuta. A cikin Chrome 88, tallafin FTP za a kashe gabaɗaya.
- A cikin sigar Android, mai kama da sigar na tsarin tebur, mai sarrafa kalmar sirri yana aiwatar da rajistan shiga da kalmomin shiga da aka adana a kan rumbun adana bayanan da ba su dace ba, yana nuna gargaɗi idan an gano matsaloli ko aka yi ƙoƙarin amfani da kalmomin shiga marasa mahimmanci. Ana gudanar da cak ɗin ne a kan bayanan da ke rufe sama da asusun ajiyar kuɗi biliyan 4 waɗanda suka bayyana a cikin bayanan bayanan masu amfani da aka leka. Don kiyaye sirri An tabbatar da prefix ɗin hash a gefen mai amfani, kuma kalmar sirri da kansu da cikakkun hashes ba a watsa su a waje.
- Akwai kuma a cikin Android version maɓallin “Duba Tsaro” da ingantaccen yanayin kariya daga rukunin yanar gizo masu haɗari (Ingantacciyar Browsing Lafiya). Maballin "Duba Tsaro" yana nuna taƙaitaccen abubuwan tsaro masu yiwuwa, kamar amfani da kalmomin sirri da aka lalata, matsayin bincika wuraren ɓoyayyiya (Lafiya Browsing), kasancewar sabbin abubuwan da ba a shigar da su ba, da gano ƙarin abubuwan ƙarawa masu ɓarna. Yanayin kariya na ci gaba yana kunna ƙarin bincike don kare kai daga masu saɓo, ayyukan mugunta da sauran barazana akan gidan yanar gizon, kuma ya haɗa da ƙarin kariya don asusun Google da ayyukan Google (Gmail, Drive, da sauransu). Idan a cikin yanayin Safe Browing na yau da kullun ana yin rajistan shiga cikin gida ta amfani da bayanan bayanan lokaci-lokaci ana loda akan tsarin abokin ciniki, to a cikin Ingantaccen Binciken Bincike game da shafuka da abubuwan zazzagewa a ainihin lokacin ana aika don tabbatarwa a gefen Google, wanda ke ba ku damar amsawa da sauri. barazanar kai tsaye bayan an gano su, ba tare da jira har sai an sabunta jerin baƙaƙen gida ba.
- goyan bayan fayil ɗin mai nuna “.sanannen/canza kalmar sirri”, wanda masu rukunin yanar gizon zasu iya tantance adireshin hanyar yanar gizo don canza kalmar sirri. Idan an lalata bayanan shaidar mai amfani, Chrome yanzu zai tura mai amfani nan take da fom ɗin canza kalmar sirri dangane da bayanin da ke cikin wannan fayil ɗin.
- An aiwatar da sabon gargaɗin “Tsarin Tsaro”, wanda aka nuna lokacin buɗe rukunin yanar gizo waɗanda yankinsu ya yi kama da wani rukunin yanar gizo kuma masana ilimin kimiya sun nuna cewa akwai yuwuwar yin ɓarna (misali, ana buɗe goog0le.com maimakon google.com).
- goyan bayan cache na baya-gaba, wanda ke ba da kewayawa kai tsaye lokacin amfani da maɓallan "Baya" da "Gaba" ko lokacin kewayawa ta shafukan da aka gani a baya na rukunin yanar gizon yanzu. An kunna cache ta amfani da chrome://flags/#back-forward-cache saitin.
- An aiwatar da ingantaccen amfani da albarkatun CPU ta windows
daga kan iyaka. Chrome yana duba ko taga burauzar yana lullube da wasu windows kuma yana hana zana pixels a wuraren da suka zoba. An kunna wannan haɓakawa don ƙaramin adadin masu amfani a cikin Chrome 84 da 85 kuma yanzu an kunna shi a ko'ina. Idan aka kwatanta da fitowar da ta gabata, an warware rashin jituwa tare da tsarin ƙima wanda ya haifar da bayyanar fararen fararen shafuka. - Ƙara kayan gyara kayan aiki don shafukan bango. Irin waɗannan shafuka ba za su iya ci fiye da 1% na albarkatun CPU ba kuma ana iya kunna su ba fiye da sau ɗaya a minti ɗaya ba. Bayan mintuna biyar na kasancewa a bango, shafuka suna daskarewa, ban da shafuka masu kunna abun ciki na multimedia ko rikodi.
- Aiki a kan HTTP mai taken User-Agent. A cikin sabon sigar, ana kunna goyan bayan tsarin don duk masu amfani , wanda aka haɓaka azaman madadin mai amfani-Agent. Sabuwar tsarin ya ƙunshi zaɓin mayar da bayanai game da takamaiman ma'aunin bincike da tsarin (siffa, dandamali, da sauransu) kawai bayan buƙatar uwar garken da ba masu amfani damar zaɓin ba da irin wannan bayanin ga masu rukunin yanar gizon. Lokacin amfani da Alamomin Abokin Hulɗa na Mai amfani, ba a aika mai ganowa ta tsohuwa ba tare da buƙatun fayyace ba, wanda ke sa ba zai yuwu ba (ta tsohuwa, sunan burauza kawai ake nunawa).
- An canza alamar kasancewar sabuntawa da buƙatar sake kunna mai binciken don shigar da shi. Maimakon kibiya mai launi, "Sabuntawa" yanzu yana bayyana a filin avatar asusu.
- An gudanar da aiki don canza mai binciken zuwa amfani da kalmomi masu haɗaka. A cikin sunayen manufofin, an maye gurbin kalmomin "whitelist" da "blacklist" tare da "allowlist" da "blocklist" ( riga da aka ƙara manufofin za su ci gaba da aiki, amma za su nuna gargadi game da raguwa). IN и An maye gurbin nassoshi zuwa "blacklist" da "littafin block".
An maye gurbin nassoshi-bayyanannun mai amfani zuwa ga “blacklist” da “whitelist” a farkon 2019. - An ƙara ikon gwaji don gyara kalmomin shiga da aka adana, ana kunna ta ta amfani da tutar "chrome://flags/#edit-passwords-in-settings".
- Juyawa zuwa tsayayyu kuma API na jama'a , wanda ke ba ka damar ƙirƙirar aikace-aikacen yanar gizo waɗanda ke hulɗa da fayiloli a cikin tsarin fayil na gida. Misali, sabuwar API ɗin na iya kasancewa cikin buƙata a cikin mahallin ci gaba na tushen burauza, rubutu, hoto da masu gyara bidiyo. Don samun damar rubutu da karanta fayiloli kai tsaye ko amfani da maganganu don buɗewa da adana fayiloli, da kuma kewaya cikin abubuwan da ke cikin kundayen adireshi, aikace-aikacen yana neman mai amfani don tabbatarwa ta musamman.
- Ƙara mai zaɓin CSS"", wanda ke amfani da nau'ikan ilimin lissafi iri ɗaya wanda mai bincike ke amfani da shi lokacin yanke shawarar ko zai nuna alamar canjin mayar da hankali (lokacin da ake matsar da hankali zuwa maɓalli ta amfani da gajerun hanyoyin keyboard, mai nuna alama yana bayyana, amma lokacin danna linzamin kwamfuta, ba ya). Mai zaɓin CSS ɗin da aka samo a baya ": mayar da hankali" koyaushe yana ba da fifikon mayar da hankali.
Bugu da ƙari, an ƙara zaɓin "Quick Focus Highlight" a cikin saitunan, lokacin da aka kunna, za a nuna ƙarin alamar mayar da hankali kusa da abubuwan da ke aiki, wanda ya kasance a bayyane ko da an kashe nau'ikan salo don nunawa na gani a shafi ta hanyar. CSS. - An ƙara sabbin APIs da yawa zuwa Yanayin Gwaji na Asalin (fasali na gwaji waɗanda ke buƙatar kunnawa daban). Gwajin Asalin yana nuna ikon yin aiki tare da ƙayyadaddun API daga aikace-aikacen da aka zazzage daga localhost ko 127.0.0.1, ko bayan yin rijista da karɓar wata alama ta musamman wacce ke aiki na ƙayyadadden lokaci don takamaiman rukunin yanar gizo.
- don ƙananan damar samun damar zuwa na'urorin HID (na'urorin haɗin gwiwar ɗan adam, maɓallan madannai, mice, gamepads, bangarori na taɓawa), yana ba ku damar aiwatar da dabarun aiki tare da na'urar HID a cikin JavaScript don tsara aiki tare da na'urorin HID da ba su da yawa ba tare da kasancewar takamaiman direbobi ba. a cikin tsarin.
Da farko dai, sabon API yana nufin samar da tallafi ga gamepads. - , yana faɗaɗa API ɗin Wurin Wuta don tallafawa daidaitawar allo mai yawa. Ba kamar window.screen ba, sabon API yana ba ku damar sarrafa wurin sanya taga a cikin sararin allo na tsarin sa ido da yawa, ba tare da iyakancewa ga allon na yanzu ba.
- Meta tag , wanda rukunin yanar gizon zai iya sanar da mai bincike game da buƙatar kunna hanyoyin don rage yawan amfani da wutar lantarki da haɓaka nauyin CPU.
- API don ba da rahoton yiwuwar keta dokokin keɓewa (COEP) da (COOP), ba tare da aiwatar da hani na ainihi ba.
- A cikin API an gabatar da sabon nau'in takaddun shaida , samar da ƙarin tabbaci na ma'amalar biyan kuɗi da ake yi. Ƙungiya ta dogara, kamar banki, tana da ikon samar da maɓallin jama'a, PublicKeyCredential, wanda ɗan kasuwa zai iya nema don ƙarin tabbacin biyan kuɗi.
- don ƙananan damar samun damar zuwa na'urorin HID (na'urorin haɗin gwiwar ɗan adam, maɓallan madannai, mice, gamepads, bangarori na taɓawa), yana ba ku damar aiwatar da dabarun aiki tare da na'urar HID a cikin JavaScript don tsara aiki tare da na'urorin HID da ba su da yawa ba tare da kasancewar takamaiman direbobi ba. a cikin tsarin.
- A cikin API don ƙayyade karkatar da stylus, an ƙara goyon baya don kusurwoyi masu tsayi (kusurwar da ke tsakanin stylus da allon) da azimuth (kusurwar da ke tsakanin X axis da tsinkayar stylus akan allon), maimakon TiltX da Kuskuren karkatar da hankali (kusurwar da ke tsakanin jirgin daga stylus da ɗaya daga cikin gatari da jirgin daga gatari Y da Y Z). Hakanan an ƙara ayyukan juyawa tsakanin tsayi/azimuth da TiltX/Tilty.
- Canza yanayin ɓoye sarari a cikin URLs lokacin ƙididdige shi a cikin masu sarrafa yarjejeniya - hanyar navigator.registerProtocolHandler() yanzu ta maye gurbin sarari da "%20" maimakon "+", wanda ke haɗa halayen tare da wasu masu bincike kamar Firefox.
- An ƙara CSS-zaɓi"", wanda ke ba ku damar tsara launi, girman, siffar da nau'in lambobi da maki don jeri a cikin tubalan Kuma .
- Ƙara goyon bayan taken HTTP , dokoki don samun dama ga takardu, kama da tsarin keɓewar akwatin sandbox don iframes, amma ƙari na duniya. Misali, ta Takardun Manufofin za ku iya iyakance amfani da ƙananan hotuna masu inganci, kashe jinkirin APIs JavaScript, saita dokoki don loda iframes, hotuna da rubutun, iyakance girman takaddun gabaɗaya da zirga-zirga, hana hanyoyin da ke haifar da sake fasalin shafi, kashe aikin .
- Zuwa kashi ƙarin tallafi don 'grid-inline-grid', 'grid', 'inline-flex' da 'flex' sigogi da aka saita ta hanyar 'nuni' CSS dukiya.
- Hanyar da aka ƙara don maye gurbin duk yaran kullin iyaye tare da wani kumburin DOM. A baya can, zaku iya amfani da haɗin node.removeChild() da node.append() ko node.innerHTML da node.append() don maye gurbin nodes.
- kewayon tsare-tsaren URL da aka yarda a soke su ta amfani da rajistaProtocolHandler(). Jerin tsare-tsare sun haɗa da ka'idodin ka'idojin da ba a san su ba, dat, did, dweb, ethereum, hyper, ipfs, ipns da ssb, wanda ke ba ku damar ayyana hanyoyin haɗin kai ga abubuwa ba tare da la’akari da rukunin yanar gizo ko ƙofar da ke ba da damar yin amfani da albarkatu ba.
- A cikin API ƙarin goyon baya ga tsarin rubutu/html don kwafi da liƙa HTML ta allon allo (ana tsabtace ginin HTML masu haɗari lokacin rubutu da karantawa zuwa allo). Canjin, alal misali, yana ba ku damar tsara shigarwa da kwafin rubutun da aka tsara tare da hotuna da haɗin kai a cikin masu gyara gidan yanar gizo.
- A cikin WebRTC ikon haɗa masu sarrafa bayanan ku da ake kira a matakan ɓoye ko yanke hukunci na WebRTC MediaStreamTrack. Misali, ana iya amfani da wannan damar don ƙara goyan baya don ɓoyayyen bayanan ƙarshe zuwa ƙarshe na bayanan da aka watsa ta hanyar sabar matsakaici.
- A cikin injin JavaScript V8 da 75% aiwatar da Number.prototype.toString. Ƙara kayan .suna zuwa azuzuwan asynchronous tare da fankon ƙima. An cire hanyar Atomics.wake, wanda a wani lokaci an sake masa suna zuwa Atomics.notify don biyan ƙayyadaddun ECMA-262. Buɗe lambar kayan aikin gwaji mai ban mamaki .
- Liftoff baseline compiler for WebAssembly, wanda aka saki a cikin saki na ƙarshe, ya haɗa da ikon yin amfani da umarnin vector don hanzarta lissafin. Yin la'akari da gwaje-gwajen, haɓakawa ya sa ya yiwu a hanzarta wasu gwaje-gwaje da sau 2.8. Wani ingantawa ya sa ya fi sauri don kiran ayyukan JavaScript da aka shigo da su daga Gidan Yanar Gizo.
- kayan aiki don masu haɓaka gidan yanar gizo: Ƙungiyar Media ta ƙara bayani game da ƴan wasan da aka yi amfani da su don kunna bidiyo akan shafin, gami da bayanan taron, rajistan ayyukan, ƙimar dukiya, da sigogin yanke hukunci (misali, zaku iya tantance abubuwan da ke haifar da asarar firam da matsalolin hulɗa. daga JavaScript).
A cikin mahallin mahallin menu na Elements panel, an ƙara ikon ƙirƙirar hotunan kariyar kwamfuta na abin da aka zaɓa (misali, zaku iya ƙirƙirar hoton allo na teburin abun ciki ko tebur).
A cikin na'ura mai ba da hanya tsakanin hanyoyin sadarwa, an maye gurbin kwamitin gargaɗin matsalar tare da saƙo na yau da kullun, kuma ana ɓoye matsaloli tare da Kukis na ɓangare na uku ta tsohuwa a cikin Mahimman batutuwa kuma ana kunna su tare da akwati na musamman.
A cikin maballin Rendering, an ƙara maɓallin “Karɓaka fonts na gida, wanda ke ba ku damar kwaikwayi rashin haruffan gida, kuma a cikin shafin Sensors yanzu kuna iya kwaikwayi rashin aikin mai amfani (don aikace-aikacen da ke amfani da API ɗin Gano Idle).
Ƙungiyar Aikace-aikacen yana ba da cikakkun bayanai game da kowane iframe, taga bude, da kuma buɗaɗɗe, gami da bayani game da keɓewar Asalin Cross ta amfani da COEP da COOP.
- maye gurbin aiwatar da yarjejeniya zuwa zaɓin da aka haɓaka a cikin ƙayyadaddun IETF, maimakon zaɓin Google QUIC.
Baya ga sabbin abubuwa da gyare-gyaren kwaro, sabon sigar yana kawar da shi . An gano yawancin raunin da aka samu a sakamakon kayan aikin gwaji na atomatik , , , и . Lalaci ɗaya (CVE-2020-15967, samun damar samun 'yantacciyar ƙwaƙwalwar ajiya a lamba don hulɗa tare da Biyan Google) ana yiwa alama alama mai mahimmanci, watau. yana ba ku damar ƙetare duk matakan kariya na burauza da aiwatar da lamba akan tsarin a wajen yanayin sandbox. A matsayin wani ɓangare na shirin biyan tukuicin kuɗi don gano lahani ga sakin na yanzu, Google ya biya lambobin yabo 27 da suka kai $71500 (kyautar $15000, lambobin yabo $7500 guda uku, lambobin yabo $5000, lambobin yabo $3000 biyu, lambar yabo $200, da lambobin yabo $500 guda biyu). Har yanzu ba a tantance girman lada 13 ba.
source: budenet.ru