Chrome 86

Kutulutsidwa kotsatira kwa Chrome 86 ndi kumasulidwa kokhazikika kwa Chromium kwatulutsidwa.

Zosintha zazikulu mu Chrome 86:

• chitetezo pakutumiza mosatetezeka mafomu olowetsa pamasamba opakidwa pa HTTPS koma kutumiza deta pa HTTP.
• Kuletsa kutsitsa kotetezedwa (http) kwamafayilo omwe atha kukwaniritsidwa kumathandizidwa ndikuletsa kutsitsa kosatetezedwa kwa zakale (zip, iso, ndi zina zotero) ndikuwonetsa machenjezo otsitsa zikalata (docx, pdf, etc.). Kutsekereza kwa zolemba ndi machenjezo a zithunzi, zolemba, ndi mafayilo amawu akuyembekezeka kutulutsidwa kotsatira. Kutsekereza kumayendetsedwa chifukwa kutsitsa mafayilo popanda kubisa kumatha kugwiritsidwa ntchito kuchita zoyipa posintha zomwe zili mkati mwa MITM.
• Zosankha zosasinthika zimawonetsa njira ya "Sonyezani URL yonse", yomwe m'mbuyomu inkafuna kusintha zosintha pa about:flags page kuti zitheke. Ulalo wathunthu ukhoza kuwonedwanso podina kawiri pa adilesi. Tikukumbutseni kuti kuyambira ndi Chrome 76, mwachisawawa adilesi idayamba kuwonetsedwa popanda protocol ndi www subdomain. Mu Chrome 79, mawonekedwe obwezeretsa machitidwe akale adachotsedwa, koma pambuyo pa kusakhutira kwa ogwiritsa ntchito, mbendera yatsopano yoyesera idawonjezedwa mu Chrome 83 yomwe imawonjezera mwayi pamindandanda yankhani kuti mulepheretse kubisala ndikuwonetsa ulalo wathunthu mumikhalidwe yonse.
  Kwa owerengeka ochepa a ogwiritsa ntchito, kuyesa kwayambika kuti awonetse domain yokhayo mu bar ya adilesi mwachisawawa, popanda zinthu zanjira ndi magawo amafunso. Mwachitsanzo, m'malo mwa "https://example.com/secure-google-sign-in/" "example.com" idzawonetsedwa. Njira yomwe ikufunsidwa ikuyembekezeka kubweretsedwa kwa onse ogwiritsa ntchito imodzi mwazotulutsa zina. Kuti mulepheretse izi, mutha kugwiritsa ntchito njira ya "Sonyezani ulalo wonse", ndikuwona ulalo wonse, mutha kudina batani la adilesi. Cholinga cha kusinthaku ndikufunitsitsa kuteteza ogwiritsa ntchito ku phishing zomwe zimagwiritsa ntchito magawo mu URL - owukira amapezerapo mwayi pakusasamala kwa ogwiritsa ntchito kuti awoneke ngati akutsegula tsamba lina ndikupanga zachinyengo (ngati m'malo mwake zikuwonekera kwa wogwiritsa ntchito mwaluso. , ndiye kuti anthu osadziwa amagwera mosavuta m'njira yosavuta ngati imeneyi).
• Ntchito yochotsa thandizo la FTP yakonzedwanso. Mu Chrome 86, FTP imayimitsidwa mwachisawawa kwa pafupifupi 1% ya ogwiritsa ntchito, ndipo mu Chrome 87 kuchuluka kwa kulumala kudzawonjezeka mpaka 50%, koma chithandizo chikhoza kubwezeredwa pogwiritsa ntchito "--enable-ftp" kapena "- -enable-features=FtpProtocol" mbendera. Mu Chrome 88, thandizo la FTP lizimitsidwa kwathunthu.
• Mu mtundu wa Android, wofanana ndi mtundu wamakompyuta apakompyuta, woyang'anira mawu achinsinsi amagwiritsa ntchito cheke cha malowedwe osungidwa ndi mapasiwedi motsutsana ndi nkhokwe yamaakaunti osokonekera, kuwonetsa chenjezo ngati mavuto apezeka kapena kuyesa kugwiritsa ntchito mapasiwedi ang'onoang'ono. Chekecho chimachitika motsutsana ndi nkhokwe yomwe ili ndi maakaunti opitilira 4 biliyoni omwe adawonekera m'malo osungidwa a ogwiritsa ntchito. Kusunga zachinsinsi, hashi prefix imatsimikiziridwa kumbali ya wogwiritsa ntchito, ndipo mapasiwedi okha ndi ma hesh awo onse samafalitsidwa kunja.
• Batani la "Check Safety" ndi njira yolimbikitsira yoteteza kumasamba oopsa (Kusakatula Kwachitetezo Chowonjezera) zasamutsidwanso ku mtundu wa Android. Batani la "Check Safety" likuwonetsa chidule cha zovuta zachitetezo, monga kugwiritsa ntchito mawu achinsinsi osokonekera, momwe mungayang'anire masamba oyipa (Kusakatula Kwachitetezo), kupezeka kwa zosintha zosatulutsidwa, komanso kuzindikiritsa zoonjeza zoyipa. Chitetezo chapamwamba chimatsegula macheke owonjezera kuti atetezedwe ku chinyengo, zochita zoyipa ndi ziwopsezo zina zapaintaneti, ndikuphatikizanso chitetezo china pa akaunti yanu ya Google ndi ntchito za Google (Gmail, Drive, ndi zina). Ngati cheke mumayendedwe a Safe Browsing amachitidwa kwanuko pogwiritsa ntchito database yomwe imayikidwa nthawi ndi nthawi pamakina a kasitomala, ndiye mu Kusakatula Kwachitetezo Chowonjezera zambiri zamasamba ndi kutsitsa munthawi yeniyeni zimatumizidwa kuti zitsimikizidwe ku mbali ya Google, zomwe zimakupatsani mwayi woyankha mwachangu ziwopsezo zitangodziwika, osadikirira mpaka mndandanda wakuda wamba usinthidwa.
• Thandizo lowonjezera la fayilo yowonetsera ".well-known/change-password", yomwe eni ake a malo angatchule adiresi ya mawonekedwe a intaneti kuti asinthe mawu achinsinsi. Ngati zidziwitso za wogwiritsa ntchito zisokonezedwa, Chrome tsopano iuza wogwiritsa ntchito fomu yosinthira mawu achinsinsi potengera zomwe zili mufayiloyi.
• Chenjezo latsopano la "Safety Tip" lakhazikitsidwa, lowonetsedwa potsegula malo omwe dera lawo likufanana kwambiri ndi malo ena ndipo heuristics imasonyeza kuti pali kuthekera kwakukulu kwa spoofing (mwachitsanzo, goog0le.com imatsegulidwa m'malo mwa google.com).

  * Thandizo la Cache ya Back-forward yakhazikitsidwa, ndikupangitsa kuyenda pompopompo mukamagwiritsa ntchito mabatani a "Back" ndi "Forward" kapena podutsa masamba omwe adawonedwa kale atsambali. Cache imathandizidwa pogwiritsa ntchito chrome://flags/#back-forward-cache setting.

• Kukhathamiritsa kugwiritsa ntchito zida za CPU pamawindo akunja. Chrome imayang'ana ngati zenera la msakatuli likupinidwa ndi mazenera ena ndikuletsa kujambula ma pixel m'malo omwe akudutsana. Kukhathamiritsa uku kudayatsidwa kwa anthu ochepa omwe amagwiritsa ntchito Chrome 84 ndi 85 ndipo tsopano akuyatsidwa kulikonse. Poyerekeza ndi zotulutsa zam'mbuyomu, kusagwirizana ndi machitidwe owoneka bwino omwe adapangitsa kuti masamba oyera opanda kanthu awonekere kwathetsedwa.
• Kuchulukitsitsa kwazinthu zama tabu zakumbuyo. Ma tabu oterowo sangathenso kupitilira 1% yazinthu za CPU ndipo satha kutsegulidwa osapitilira kamodzi pamphindi. Pambuyo pa mphindi zisanu kukhala kumbuyo, ma tabo amawumitsidwa, kupatula ma tabo omwe akusewera ma multimedia kapena kujambula.
• Ntchito yayambiranso pakugwirizanitsa mutu wa User-Agent HTTP. Mu mtundu watsopano, kuthandizira kwa Makina Othandizira Othandizira Ogwiritsa Ntchito, opangidwa kuti alowe m'malo mwa User-Agent, amayatsidwa kwa ogwiritsa ntchito onse. Njira yatsopanoyi imaphatikizapo kubwezera deta yokhudzana ndi osatsegula ndi machitidwe (mtundu, nsanja, ndi zina zotero) pokhapokha atapempha ndi seva ndikupatsa mwayi kwa ogwiritsa ntchito kuti apereke chidziwitso choterocho kwa eni ake. Mukamagwiritsa ntchito Maupangiri a Makasitomala Ogwiritsa Ntchito, chizindikiritso sichimaperekedwa mwachisawawa popanda pempho lachindunji, zomwe zimapangitsa kuti zizindikiritso zapang'onopang'ono zisatheke (mwachisawawa, dzina la osatsegula lokha limawonetsedwa).
  Chizindikiro cha kukhalapo kwa zosintha komanso kufunika koyambitsanso msakatuli kuti muyike zasinthidwa. M'malo mwa muvi wachikuda, "Sinthani" tsopano ikuwoneka mu gawo la avatar ya akaunti.
• Ntchito yachitika kuti asinthe osatsegula kuti agwiritse ntchito mawu ophatikiza. M'mayina a ndondomeko, mawu oti "whitelist" ndi "blacklist" asinthidwa ndi "ollowlist" ndi "blocklist" (ndondomeko zomwe zawonjezeredwa kale zidzapitiriza kugwira ntchito, koma zidzawonetsa chenjezo la kuchotsedwa). M'makhodi ndi mayina a mafayilo, zolemba za "blacklist" zasinthidwa ndi "blocklist". Mauthenga owoneka ndi ogwiritsa ntchito a "blacklist" ndi "whitelist" adasinthidwa kumayambiriro kwa 2019.
  Anawonjezera luso loyesera kusintha mawu achinsinsi osungidwa, otsegulidwa pogwiritsa ntchito mbendera ya "chrome://flags/#edit-passwords-in-settings".
• Native File System API yasamutsidwira ku gulu la API yokhazikika komanso yopezeka pagulu, kukulolani kuti mupange mapulogalamu a pa intaneti omwe amalumikizana ndi mafayilo amafayilo am'deralo. Mwachitsanzo, API yatsopano ikhoza kufunidwa m'malo otukuka ophatikizidwa ndi osatsegula, zolemba, zithunzi ndi makanema osintha. Kuti muthe kulemba mwachindunji ndi kuwerenga mafayilo kapena kugwiritsa ntchito ma dialogs kuti mutsegule ndi kusunga mafayilo, komanso kuyendetsa zomwe zili m'mabuku, pulogalamuyi imapempha wogwiritsa ntchito chitsimikiziro chapadera.
• Onjezani chosankha cha CSS ":focus-visible", chomwe chimagwiritsa ntchito ma heuristics omwe asakatuli amagwiritsa ntchito posankha kuwonetsa chizindikiro chosinthira (pamene mukusunthira ku batani pogwiritsa ntchito njira zazifupi za kiyibodi, chizindikirocho chimawonekera, koma mukadina ndi mbewa. , ayi). Chosankha cha CSS chomwe chinalipo kale ":focus" nthawi zonse chimayang'ana kwambiri. Kuphatikiza apo, njira ya "Quick Focus Highlight" yawonjezedwa pazosintha, ikayatsidwa, chizindikiro chowonjezera chidzawonetsedwa pafupi ndi zinthu zomwe zikugwira ntchito, zomwe zimawonekerabe ngakhale zitakhala kuti mawonekedwe azowunikira zowunikira aziyimitsidwa patsamba kudzera pa CSS. .
• Ma API angapo atsopano awonjezedwa ku Origin Trials mode (zoyeserera zomwe zimafunikira kuyatsa kosiyana). Origin Trial amatanthauza kuthekera kogwira ntchito ndi API yotchulidwa kuchokera ku mapulogalamu omwe adatsitsidwa kuchokera ku localhost kapena 127.0.0.1, kapena mutalembetsa ndi kulandira chizindikiro chapadera chomwe chili chovomerezeka kwa nthawi yochepa pa tsamba linalake.
• WebHID API yopezera zida za HID zotsika (zida zowonetsera anthu, kiyibodi, mbewa, ma gamepads, touchpads), zomwe zimakupatsani mwayi wogwiritsa ntchito chipangizo cha HID mu JavaScript kuti mukonzekere ntchito ndi zida za HID osowa popanda kupezeka kwa madalaivala enieni mu dongosolo. Choyamba, API yatsopano ikufuna kupereka chithandizo cha masewera a masewera.
• Screen Information API, imakulitsa Window Placement API kuti ithandizire masanjidwe azithunzi zambiri. Mosiyana ndi zenera.screen, API yatsopano imakulolani kuti mugwiritse ntchito kuyika kwazenera mu malo onse owonetsera mawonedwe ambiri, popanda kungokhala pazithunzi zamakono.
• Meta tag-kupulumutsa batire, komwe tsamba limatha kudziwitsa osatsegula za kufunika koyambitsa mitundu kuti muchepetse kugwiritsa ntchito mphamvu ndikukulitsa kuchuluka kwa CPU.
• API ya COOP Reporting API kuti inene zophwanya njira zodzipatula za Cross-Origin-Embedder-Policy (COEP) ndi Cross-Origin-Opener-Policy (COOP), popanda kugwiritsa ntchito zoletsa zenizeni.
• Credential Management API imapereka mtundu watsopano wa zidziwitso, PaymentCredential, yomwe imapereka chitsimikiziro chowonjezera cha ntchito yolipira yomwe ikuchitika. Chipani chodalira, monga banki, chimatha kupanga kiyi yapagulu, PublicKeyCredential, yomwe ingapemphedwe ndi wamalonda kuti atsimikizire zolipira zowonjezera.
• API ya PointerEvents yodziŵira kupendekeka kwa cholembera* yawonjezera kuthandizira ngodya zokwezeka (ngodya yapakati pa cholembera ndi zenera) ndi azimuth (ngodya yapakati pa X axis ndi mawonekedwe a cholembera pa zenera), m’malo mwa cholemberacho. TiltX ndi TiltY ngodya (makona pakati pa ndege kuchokera ku cholembera ndi imodzi mwa nkhwangwa ndi ndege kuchokera ku Y ndi Z nkhwangwa). Komanso anawonjezera ntchito kutembenuka pakati okwera/azimuth ndi TiltX/TiltY.
• Anasintha kabisidwe ka malo mu ma URL powerengera mu ma protocol handlers - njira ya navigator.registerProtocolHandler() tsopano ilowa m'malo ndi "%20" m'malo mwa "+", yomwe imagwirizanitsa machitidwe ndi asakatuli ena monga Firefox.
• pseudo-element "::marker" yawonjezedwa ku CSS, kukulolani kuti musinthe mtundu, kukula, mawonekedwe ndi mtundu wa manambala ndi madontho pamindandanda yama block. Ndipo .
• Thandizo lowonjezera la mutu wa Document-Policy HTTP, womwe umakupatsani mwayi wokhazikitsa malamulo ofikira zikalata, zofanana ndi njira yodzipatula ya sandbox ya iframes, koma yochulukirapo. Mwachitsanzo, kudzera mu Document-Policy mutha kuchepetsa kugwiritsa ntchito zithunzi zotsika, kuletsa JavaScript APIs pang'onopang'ono, sinthani malamulo otsitsa ma iframe, zithunzi ndi zolemba, kuchepetsa kukula kwa chikalata chonse ndi kuchuluka kwa magalimoto, kuletsa njira zomwe zimatsogolera pakujambulanso masamba, ndi zimitsani ntchito ya Scroll-To-Text.
• Kuti element anawonjezera thandizo la 'inline-grid', 'grid', 'inline-flex' ndi 'flex' magawo omwe akhazikitsidwa kudzera pa 'chiwonetsero' cha CSS.
• Njira yowonjezera ya ParentNode.replaceChildren() yosinthira ana onse a makolo ndi mfundo ina ya DOM. M'mbuyomu, mutha kugwiritsa ntchito kuphatikiza kwa node.removeChild() ndi node.append() kapena node.innerHTML ndi node.append() kusintha ma node.
• Mitundu yosiyanasiyana ya ma URL omwe atha kuchotsedwa pogwiritsa ntchito registerProtocolHandler() yawonjezedwa. Mndandanda wa ziwembu umaphatikizapo ma protocol a decentralized cabal, dat, did, dweb, ethereum, hyper, ipfs, ipns ndi ssb, zomwe zimakulolani kufotokozera maulalo kuzinthu mosasamala kanthu za malo kapena chipata chopereka mwayi wopeza gwero.
• Thandizo lowonjezera pamawonekedwe alemba/html ku Asynchronous Clipboard API pokopera ndi kumata HTML kudzera pa clipboard (zomanga zowopsa za HTML zimayeretsedwa polemba ndikuwerenga pa bolodi lojambula). Kusintha, mwachitsanzo, kumakupatsani mwayi wokonza zoyika ndi kukopera zolemba zojambulidwa ndi zithunzi ndi maulalo mu okonza masamba.
• WebRTC yawonjezera kuthekera kolumikiza ma data ake omwe, otchedwa pa encoding kapena decoding stages of WebRTC MediaStreamTrack. Mwachitsanzo, kuthekera uku kutha kugwiritsidwa ntchito powonjezera chithandizo cha kubisa komaliza mpaka kumapeto kwa data yomwe imafalitsidwa kudzera pa ma seva apakatikati.
  Mu injini ya V8 JavaScript, kukhazikitsidwa kwa Number.prototype.toString kwafulumizitsidwa ndi 75%. Wowonjezera .name katundu ku makalasi asynchronous ndi mtengo wopanda kanthu. Njira ya Atomics.wake yachotsedwa, yomwe nthawi ina inasinthidwa kukhala Atomics.dziwitsani kuti zigwirizane ndi ndondomeko ya ECMA-262. Khodi ya chida choyesera cha JS-Fuzzer yatsegulidwa.
• The Liftoff baseline compiler ya WebAssembly yomwe idatulutsidwa komaliza imaphatikizapo kuthekera kogwiritsa ntchito malangizo a vector a SIMD kuti mufulumizitse kuwerengera. Kutengera mayesowo, kukhathamiritsa kudapangitsa kuti zitheke kufulumizitsa mayeso ena nthawi 2.8. Kukhathamiritsa kwina kunapangitsa kuti ikhale yachangu kwambiri kuyimba ntchito za JavaScript zochokera ku WebAssembly.
• Zida zopangira mawebusayiti zakulitsidwa: Gulu la Media lawonjezera zambiri za osewera omwe amagwiritsidwa ntchito kusewera makanema patsambalo, kuphatikiza zomwe zachitika, matabwa, mitengo ya katundu ndi magawo osinthira chimango (mwachitsanzo, mutha kudziwa zomwe zimayambitsa chimango kutayika ndi kuyanjana ndi zovuta kuchokera ku JavaScript).
• Pazosankha za gulu la Elements, kuthekera kopanga zowonera zomwe mwasankha kwawonjezedwa (mwachitsanzo, mutha kupanga chithunzi chazomwe zili mkati kapena tebulo).
• Patsamba lawebusayiti, gulu lochenjeza zavuto lasinthidwa ndi uthenga wokhazikika, ndipo mavuto omwe ali ndi ma Cookies a chipani chachitatu amabisika mwachisawawa mu tabu ya Nkhani ndipo amayatsidwa ndi bokosi lapadera.
• Mu tabu yoperekera, batani la "Letsani mafonti am'deralo" lawonjezedwa, lomwe limakupatsani mwayi woyerekeza kusowa kwa mafonti am'deralo, ndipo pa Sensor tabu mutha kutengera kusagwiritsa ntchito kwa ogwiritsa ntchito (pazogwiritsa ntchito pogwiritsa ntchito Idle Detection API).
• Gulu la Application limapereka zambiri za iframe iliyonse, zenera lotseguka, ndi pop-up, kuphatikiza zambiri za kudzipatula kwa Cross-Origin pogwiritsa ntchito COEP ndi COOP.

Kukhazikitsidwa kwa protocol ya QUIC kwayamba kusinthidwa ndi mtundu womwe wapangidwa mu IETF, m'malo mwa Google ya QUIC.
Kuphatikiza pazatsopano ndi kukonza zolakwika, mtundu watsopano umachotsa zovuta 35. Zofooka zambiri zidadziwika chifukwa choyesera zokha pogwiritsa ntchito AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer ndi zida za AFL. Chiwopsezo chimodzi (CVE-2020-15967, mwayi wamakumbukidwe omasulidwa mu code yolumikizirana ndi Google Payments) amalembedwa kuti ndizovuta, mwachitsanzo. imakupatsani mwayi wodutsa magawo onse achitetezo cha asakatuli ndikuchita ma code pa system kunja kwa sandbox. Monga gawo la pulogalamu yolipira mphotho zandalama pozindikira zovuta zomwe zatulutsidwa pano, Google idapereka mphotho 27 zokwana $71500 (mphotho imodzi ya $15000, mphotho zitatu za $7500, mphotho zisanu za $5000, mphotho ziwiri za $3000, mphotho imodzi ya $200, ndi mphotho ziwiri za $500). Kukula kwa mphotho 13 sikunadziwikebe.

Kutengedwa kuchokera Opennet.ru

Source: linux.org.ru