ProHoster > Blog > nkhani zapaintaneti > Kutulutsidwa kwa Chrome 118: Kukonzekera kuletsa ma cookie a chipani chachitatu mu Chrome

Kutulutsidwa kwa Chrome 118: Kukonzekera kuletsa ma cookie a chipani chachitatu mu Chrome

Google yatulutsa kutulutsidwa kwa msakatuli wa Chrome 118. Pa nthawi yomweyi, kumasulidwa kokhazikika kwa pulojekiti yaulere ya Chromium, yomwe imakhala ngati maziko a Chrome, ilipo. Msakatuli wa Chrome amasiyana ndi Chromium pakugwiritsa ntchito ma logo a Google, kukhalapo kwa dongosolo lotumizira zidziwitso pakagwa ngozi, ma module osewera makanema otetezedwa (DRM), kachitidwe kokhazikitsa zokha zosintha, kupangitsa kuti Sandbox adzipatula kwamuyaya. , kupereka makiyi a Google API ndi kutumiza RLZ- posaka. Kwa iwo omwe amafunikira nthawi yochulukirapo kuti asinthe, nthambi ya Extended Stable imathandizidwa padera, ndikutsatiridwa ndi masabata a 8. Kutulutsidwa kotsatira kwa Chrome 119 kukonzedwa pa Okutobala 31st.

Zosintha zazikulu mu Chrome 118:

  • Kukonzekera kwayamba kuti Chrome asiye kuthandizira ma cookie a chipani chachitatu omwe amayikidwa polowa masamba ena kupatula ma domeni atsambali. Ma Cookies oterowo amagwiritsidwa ntchito kutsata mayendedwe a ogwiritsa ntchito pakati pa masamba omwe ali mu code ya ma network otsatsa, ma widget ochezera pa intaneti ndi makina osanthula masamba. Zosinthazi zikukankhidwa kudzera muupangiri wa Privacy Sandbox, womwe cholinga chake ndi kuwonetsa kusamvana pakati pa zosowa zachinsinsi za ogwiritsa ntchito ndi chikhumbo chaotsatsa ndi mawebusayiti kuti azitsatira zomwe alendo amakonda.

    Mu Chrome 118, Zida Zoyambitsa Webusaiti tsopano zimapereka chenjezo ma cookie akatumizidwa omwe angatsekedwe mtsogolo. Anawonjezeranso njira ya mzere wa lamulo "-test-third-party-cookie-phaseout" ndi zoikamo "chrome://flags/#test-third-party-cookie-phaseout" kukakamiza kutsekereza kuti kuyambitsidwe pazoyesa. Kutsekereza kwenikweni kwa ma cookie a chipani chachitatu kudzayamba kotala loyamba la 2024 ndipo kumangokhudza 1% ya ogwiritsa ntchito Chrome munthawi yoyeserera mpaka kotala lachitatu. Pambuyo pa gawo lachitatu la 2024, kutsekereza kudzawonjezeka mpaka 100%.

    M'malo motsatira ma cookie, akuyenera kugwiritsa ntchito ma API otsatirawa:

    • FedCM (Federated Credential Management) imakupatsani mwayi wopanga zidziwitso zolumikizana zomwe zimatsimikizira zachinsinsi komanso kugwira ntchito popanda ma cookie a chipani chachitatu.
    • Zizindikiro za Private State zimakulolani kuti mulekanitse ogwiritsa ntchito osiyanasiyana osagwiritsa ntchito zizindikiritso zapamalo osiyanasiyana ndikusintha zidziwitso zowona za ogwiritsa ntchito pakati pamitundu yosiyanasiyana.
    • Mitu (critique) imapereka kuthekera kofotokozera magulu a zokonda za ogwiritsa ntchito omwe angagwiritsidwe ntchito kuzindikira magulu a ogwiritsa ntchito omwe ali ndi zokonda zofananira popanda kuzindikira ogwiritsa ntchito payekhapayekha pogwiritsa ntchito makeke otsata. Zokonda zimawerengedwa kutengera zomwe wogwiritsa ntchito akusaka ndikusungidwa pa chipangizo cha wogwiritsa ntchito. Pogwiritsa ntchito Topics API, malo otsatsa malonda atha kupeza zambiri zokhudzana ndi zokonda zapayekha popanda kudziwa zambiri za ogwiritsa ntchito.
    • Omvera Otetezedwa, kuthetsa mavuto obwereza ndikuwunika omvera anu (kugwira ntchito ndi ogwiritsa ntchito omwe adayenderapo kale tsambalo).
    • Malipoti a Attribution amakulolani kuti muwunikire mawonekedwe otsatsa ngati kusintha ndi kutembenuka (kugula patsambalo mutasintha).
    • Storage Access API itha kugwiritsidwa ntchito kupempha chilolezo cha wogwiritsa ntchito kuti azitha kusungirako ma Cookie ngati Ma cookie a chipani chachitatu atsekeredwa mwachisawawa.
  • Thandizo la makina a ECH (Encrypted Client Hello) amathandizidwa kwa onse ogwiritsa ntchito, omwe akupitiriza kupanga ESNI (Encrypted Server Name Indication) ndipo amagwiritsidwa ntchito kubisa zambiri za magawo a gawo la TLS, monga dzina lofunsidwa. Kusiyanitsa kwakukulu pakati pa ECH ndi ESNI ndikuti m'malo mobisa pamlingo wa minda, ECH imasunga uthenga wonse wa TLS ClientHello, womwe umakupatsani mwayi kuti mutseke kutulutsa kudzera m'magawo omwe ESNI sakuphimba, mwachitsanzo, PSK (Pre-Shared Key) munda. Kuti muwone ngati ECH yayatsidwa, zoikamo za "chrome://flags#encrypted-client-hello" zimaperekedwa.
  • Mukatsegula chitetezo chokhazikika cha msakatuli (Kusakatula Motetezedwa> Kutetezedwa Kwambiri), tsopano ndi kotheka kuletsa zowonjezera zoyipa zomwe zayikidwa kunja kwa kalozera wamba. Lingaliro lochichotsa limapangidwa pa maseva a Google kutengera cheke chamanja kapena makina odziwikiratu kuti azindikire ma code oyipa ayambika.
  • Chitetezo cha msakatuli chikayatsidwa (Safe Browsing > Standard protection), kufufuza kwachitetezo cha ma URL otseguka kumachitika nthawi yeniyeni, kutengera kutumiza kwa maseva Google imachotsa ma hashes angapo kuchokera ku ma URL omwe wogwiritsa ntchito amatsegula. Kuti apewe kufanana IP ma adilesi Deta ya wogwiritsa ntchito ndi hash imatumizidwa kudzera mu proxy yapakati. Kale, kufufuza kunkachitika potsitsa kopi yakomweko ya mndandanda wa ma URL osatetezeka ku dongosolo la wogwiritsa ntchito. Ndondomeko yatsopanoyi imalola kuletsa mwachangu ma URL oyipa.
  • Mapangidwe amasamba omwe amawonetsedwa poyesa kutsegula tsamba lomwe linapezeka kuti ndi losatetezedwa pomwe silinasinthidwe pogwiritsa ntchito njira ya Safe Browsing yawongoleredwa.
    Kutulutsidwa kwa Chrome 118: Kukonzekera kuletsa ma cookie a chipani chachitatu mu Chrome
  • Telemetry yotumizidwa ku maseva a Google pamene Chitetezo Chowonjezera Chosakatula chayatsidwa (Kusakatula Motetezedwa > Chitetezo Chowonjezera) tsopano chikuphatikizanso kuyimba foni ku chrome.tabs API zowonjezera. Deta imasonkhanitsidwa kuti izindikire zochitika zoyipa ndi kuphwanya mfundo pazowonjezera.
  • Mukayatsa chitetezo chamsakatuli chapamwamba (Kusakatula Motetezedwa> Kutetezedwa Kwambiri), kusanthula mozama kwa zolemba zakale za ZIP ndi RAR kumathandizidwa kumbali ya Google (wogwiritsa ntchito amafunsidwa kuti atulutse mawu achinsinsi, kenako zomwe zimatumizidwa ku maseva a Google kuti asikenidwe) .
  • Mawu atsopano awonjezedwa ku Configurator and Privacy Guide kuti afotokoze milingo yachitetezo cha Safe Browsing ndi maulalo okhudzana ndi zolemba zomwe zili ndi zambiri zawonjezedwa. Mafotokozedwe osavuta a chitetezo chokhazikika, chitetezo choyimitsa, ndi machenjezo achinsinsi achinsinsi.
    Kutulutsidwa kwa Chrome 118: Kukonzekera kuletsa ma cookie a chipani chachitatu mu Chrome
  • Zambiri zokhuza kupezeka kwa kuchotsera zawonjezedwa kugawo la Quest (kutsata mitengo m'masitolo apaintaneti) patsamba latsamba latsopano. Chizindikiro chochotsera chikhoza kuwonekeranso mu bar ya adilesi mukatsegula masamba omwe ali ndi malonda ochokera m'masitolo apaintaneti omwe amatsatiridwa ndi Google.
  • Mogwirizana ndi mafotokozedwe a RFC-6265bis, ma Cookies onse okhala ndi zilembo zowongolera ndikuyikidwa kudzera mu JavaScript atsekedwa. M'mbuyomu, Ma cookie okhala ndi zilembo zachabechabe, zobwereketsa zamagalimoto, ndi ma feed a mizere adachepetsedwa pazovuta m'malo motsekedwa, zomwe zitha kugwiritsidwa ntchito pazifukwa zoyipa nthawi zina. Kuti mulepheretse machitidwe atsopano, mutha kugwiritsa ntchito njira ya "--disable-features=BlockTruncatedCookies".
  • Ogwira Ntchito Olembetsedwa ndi zowonjezera amaloledwa kupeza WebUSB API.
  • Kufunika kwa wogwiritsa ntchito kuti ayambitse kuthekera kowonetsa zokambirana zofunsira ndikutsimikizira kuti kulipila kwachotsedwa.
  • Anasiya kuyika zilembo za zilembo za ASCII ngati "%xx" ma code. Mwachitsanzo, m'mbuyomu "http://example.com/%41" idasinthidwa kukhala "http://example.com/A" isanalembedwe ku url.href, koma tsopano ikhalabe "http://example. com/%41” "
  • Onjezani kuthekera koyika zolemba molunjika pazosankha, mita, kupita patsogolo, batani, zolemba ndi zolemba. Kuyika kwa mawu m'mafomu kumakhazikitsidwa pogwiritsa ntchito njira yolembera katundu ya CSS, yomwe imatha kutenga ma values ​​​​vertical-rl kapena vertical-lr kuti iwonetsedwe molunjika.
  • Katundu wa "mawonekedwe" a CSS sagwiritsanso ntchito mawu osafunikira: batani lamkati-spin, media-slider, media-sliderthumb, media-volume-slider, media-volume-sliderthumb, push-button, searchfield-cancel-batani, slider - yopingasa, sliderthumb-yopingasa, sliderthumb-woongoka ndi lalikulu-batani. Kuti muwone kufunikira kwa mawu osakirawa omwe sanaphatikizidwe muzofotokozera, ziwerengero zinasonkhanitsidwa, malinga ndi zomwe zinagwiritsidwa ntchito mu 0.001% ya milandu.
  • Wowonjezera @scope lamulo la CSS, lomwe limamangiriza masitayelo a CSS poganizira za kuyandikira kwa matanthauzidwe ake ndi zinthu. Lamulo la @scope litha kugwiritsidwa ntchito kudutsa masitayelo wamba potengera dongosolo la maelementi, kapena kusintha kalembedwe kachinthu popanda kukhudza masitayelo azinthu zake. Mwachitsanzo, kwa nested divs: Ndine pinki wopepuka! Pinki yosiyana! zonse zidzakhala zofiirira zapinki chifukwa cha mawonekedwe a "lightpink-theme" omwe afotokozedwa mu div ya makolo pa block yonse. Pogwiritsa ntchito @scope mutha kusintha kuchuluka kwake ndikukakamiza kuti nested div ilembedwe "pinki-theme" kutengera kuyandikira kwa matanthauzidwe ake, m'malo mwa dongosolo la matanthauzidwe ake: @scope (.pink-theme) { a {mtundu: hotpink; } } @scope (.lightpink-theme){ a { color: lightpink; }}
  • Thandizo lowonjezera pafunso la media (@media) "scripting", lomwe limakupatsani mwayi wowona kupezeka kwa kuthekera kolemba zolemba (mwachitsanzo, mu CSS mutha kudziwa ngati thandizo la JavaScript layatsidwa).
  • Kuwonjezera thandizo la funso la media lotchedwa prefers-reduced-transparency media query, lomwe limapangitsa kuti pakhale kusintha kwa makonda a system komwe kumachepetsa kugwiritsa ntchito translucency kapena translucency effects (mwachitsanzo, "Reduce transparency" mode mu macOS, zomwe zimagwiritsidwa ntchito pokonza kuti zolembazo zizitha kuwerengedwa mosavuta).
  • Zothandizira zatsopano "float: inline-start", "float: inline-end", "clear: inline-start", "clear: inline-end", "resize: block", "resize: inline" mu CSS. imayang'anira momwe zinthu zilili (kuti zithandizire zilankhulo zomwe sizinalembedwe kuchokera pamwamba mpaka pansi komanso kumanzere kupita kumanja, kuyika koyenera kumagwiritsa ntchito malingaliro a chiyambi, mapeto, ndi njira ya malemba).
  • Katundu wa "transform-box" CSS tsopano amathandizira ma stroke-box, content-box, and border-box values, kukulolani kuti musinthe njira yowerengera malo ogwiritsira ntchito kusintha, mwachitsanzo, kuti mugwiritse ntchito zojambula zapamwamba.
  • Kuwonjeza kuthekera koyika chidwi pazida zopukutira poyenda pogwiritsa ntchito kiyibodi (mwachitsanzo, kuyang'ana kwambiri pakupukusa kumatha kukhazikitsidwa podina batani la Tab ndikusuntha ndi makiyi okalozera).
  • Kuwongolera kwapangidwa kwa zida za opanga mawebusayiti. Kuthekera kwa gulu la Sources kwakulitsidwa, momwe, m'malo mwa gawo la "Filesystem", tabu ya "Workspace" imaperekedwa, momwe mungagwirizanitse zosintha zomwe zawonjezeredwa pogwiritsa ntchito zida zamapulogalamu ndi mafayilo oyambira.

    Ndizotheka kusintha dongosolo la ma tabo mugawo la Sources powasuntha ndi mbewa mu kukoka & dontho. Imawonetsetsa masanjidwe a ma code a JavaScript ophatikizidwa muzolemba zokhala ndi mitundu ya module, mapu olowera kunja ndi malamulo ongoyerekeza. Kuwunikira kowonjezera kwa ma syntax kumawu omwe ali ndi mapu a importmap ndi mitundu ya speculationrules.

    Kutulutsidwa kwa Chrome 118: Kukonzekera kuletsa ma cookie a chipani chachitatu mu Chrome

    Mugawo la Elements, mu Masitayelo tabu, gawo lapadera lawonjezedwa pazachikhalidwe, kukulolani kuti mufotokozere zanu za CSS popanda kugwiritsa ntchito JavaScript. Zotsatira zofufuzira tsopano zikuwonetsa machesi onse pamndandanda, osati kungofanana koyamba, komwe kumakhala kothandiza mukasaka mafayilo a JavaScript omwe adzaza kuti muchepetse kukula (kudina pazotsatira kumatsegula fayiloyo mumkonzi ndikupukuta molunjika komanso mopingasa kuti muwonetse malowo. anapeza).

    Kutulutsidwa kwa Chrome 118: Kukonzekera kuletsa ma cookie a chipani chachitatu mu Chrome

Kuphatikiza pazatsopano ndi kukonza zolakwika, mtundu watsopano umachotsa zovuta 20. Zofooka zambiri zidadziwika chifukwa choyesera zokha pogwiritsa ntchito AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer ndi zida za AFL. Mwa zina, kutulutsidwa kwatsopanoku kumachotsa chiwopsezo chachikulu cha CVE-2023-5218 cholumikizidwa ndi mwayi wokumbukira mutamasulidwa (Gwiritsani ntchito pambuyo paufulu) pamakina odzipatula. Kusatetezeka kumakupatsani mwayi wodutsa magawo onse achitetezo cha asakatuli ndikuyika ma code pakompyuta kunja kwa sandbox. Monga gawo la pulogalamu yolipira ndalama pozindikira zovuta zomwe zatulutsidwa pano, Google idapereka mphotho 14 zokwana $30,5 chikwi (mphotho imodzi ya $6000, mphotho ziwiri za $5000, mphotho ziwiri za $3000, mphotho imodzi ya $2000, mphotho zisanu ndi imodzi za $1000 ndi mphotho imodzi ya $500). Kukula kwa mphotho imodzi sikunadziwikebe.

Source: opennet.ru

Gulani kuchititsa kodalirika kwamasamba okhala ndi chitetezo cha DDoS, ma seva a VPS VDS Gulani malo odalirika osungira mawebusayiti okhala ndi chitetezo cha DDoS, ma seva a VPS VDS | ProHoster