Google kumasulidwa kwa msakatuli ... Nthawi imodzi kutulutsidwa kokhazikika kwa projekiti yaulere , yomwe imakhala ngati maziko a Chrome. Msakatuli wa Chrome kugwiritsa ntchito ma logo a Google, kukhalapo kwa dongosolo lotumizira zidziwitso pakagwa ngozi, kutha kutsitsa gawo la Flash mukapempha, ma module osewera otetezedwa (DRM), kachitidwe kokhazikitsa zokha zosintha ndi kufalitsa pakufufuza. . Kutulutsidwa kotsatira kwa Chrome 87 kukonzedwa pa Novembara 17.
:
- Chitetezo chowonjezera pakutumiza kosatetezedwa kwa mafomu olowetsa pamasamba opakidwa kudzera pa HTTPS koma kutumiza zidziwitso kudzera pa HTTP, zomwe zimapangitsa kuti pakhale chiwopsezo cha kulandidwa kwa data ndikuwononga nthawi ya MITM. Chitetezo chimabwera pamitundu itatu:
- Kudzaza zokha kwa mafomu aliwonse ophatikizika kwayimitsidwa, monga momwe kudzaza mafomu otsimikizira pamasamba otsegulidwa kudzera pa HTTP kuyimitsidwa kwa nthawi yayitali. Ngati m'mbuyomu chizindikiro cholepheretsa chinali kutsegula tsamba ndi fomu kudzera pa HTTPS kapena HTTP, tsopano kugwiritsa ntchito encryption potumiza deta kwa wothandizira mawonekedwe kumaganiziridwanso. Woyang'anira mawu achinsinsi pamitundu yosiyanasiyana yotsimikizira sikuyimitsidwa, chifukwa chiopsezo chogwiritsa ntchito mawu achinsinsi osatetezedwa ndikugwiritsanso ntchito mawu achinsinsi pamasamba osiyanasiyana chimaposa chiwopsezo cha kutsekeka kwa magalimoto.
- Mukayamba kulowa mumitundu yosakanikirana, chenjezo likuwonetsedwa ndikudziwitsa wogwiritsa ntchito kuti zomwe zamalizidwa zimatumizidwa kudzera panjira yolumikizirana yosalembetsedwa.
- Mukayesa kutumiza mawonekedwe osakanizidwa, tsamba lapadera likuwonetsedwa ndikukudziwitsani za chiopsezo chotumizira deta panjira yolumikizirana yosalembetsedwa. M'matembenuzidwe am'mbuyomu, chizindikiro cha padlock mu bar ya adilesi chidagwiritsidwa ntchito kuwonetsa mitundu yosakanikirana, koma chizindikiro ichi sichinali chowonekera kwa ogwiritsa ntchito ndipo sichinawonetse bwino kuopsa komwe kumakhudzidwa.
- Kutsekereza (popanda encryption) yamafayilo omwe angathe kukwaniritsidwa amaphatikizidwa ndikuletsa kutsitsa kosatetezedwa kwa zosungidwa (zip, iso, ndi zina) ndikuwonetsa machenjezo pakutsitsa mopanda chitetezo.
zolemba (docx, pdf, etc.). Kutsekereza kwa zolemba ndi machenjezo a zithunzi, zolemba, ndi mafayilo amawu akuyembekezeka kutulutsidwa kotsatira. Kutsekereza kumayendetsedwa chifukwa kutsitsa mafayilo popanda kubisa kumatha kugwiritsidwa ntchito kuchita zoyipa posintha zomwe zili mkati mwa MITM. - Zosankha zosasinthika zimawonetsa njira ya "Sonyezani URL yonse", yomwe m'mbuyomu inkafuna kusintha zosintha pa about:flags page kuti zitheke. Ulalo wathunthu ukhoza kuwonedwanso podina kawiri pa adilesi. Tiyeni tikumbukire kuti kuyambira pamenepo Mwachikhazikitso, adilesiyo idayamba kuwonetsedwa popanda protocol ndi www subdomain. MU zoikamo kubwezeretsa khalidwe wakale anachotsedwa, koma pambuyo kusakhutira wosuta ndi Mbendera yatsopano yoyesera yawonjezedwa yomwe imawonjezera mwayi pamindandanda yankhani kuti mulepheretse kubisala ndikuwonetsa ulalo wathunthu muzochitika zilizonse.
- Yakhazikitsidwa kwa anthu ochepa ogwiritsa ntchito pa Mwachikhazikitso, adiresi ili ndi malo okhawo, opanda njira ndi magawo amafunso. Mwachitsanzo, m'malo mwa "https://example.com/secure-google-sign-in/" idzawonetsa "example.com". Njira yomwe ikufunsidwa ikuyembekezeka kubweretsedwa kwa onse ogwiritsa ntchito imodzi mwazotulutsa zina. Kuti mulepheretse izi, mutha kugwiritsa ntchito njira ya "Sonyezani ulalo wonse", ndikuwona ulalo wonse, mutha kudina batani la adilesi. Cholinga cha kusinthaku ndikufunitsitsa kuteteza ogwiritsa ntchito ku phishing zomwe zimagwiritsa ntchito magawo mu URL - owukira amapezerapo mwayi pakusasamala kwa ogwiritsa ntchito kuti awoneke ngati akutsegula tsamba lina ndikupanga zachinyengo (ngati m'malo mwake zikuwonekera kwa wogwiritsa ntchito mwaluso. , ndiye kuti anthu osadziwa amagwera mosavuta m'njira yosavuta ngati imeneyi).
- Yayambiranso kuchotsa thandizo la FTP. Mu Chrome 86, FTP imayimitsidwa mwachisawawa kwa pafupifupi 1% ya ogwiritsa ntchito, ndipo mu Chrome 87 kuchuluka kwa kulumala kudzawonjezeka mpaka 50%, koma chithandizo chikhoza kubwezeredwa pogwiritsa ntchito "--enable-ftp" kapena "- -enable-features=FtpProtocol" mbendera. Mu Chrome 88, thandizo la FTP lizimitsidwa kwathunthu.
- Mu mtundu wa Android, wofanana ndi mtundu wamakompyuta apakompyuta, woyang'anira mawu achinsinsi amagwiritsa ntchito cheke cha malowedwe osungidwa ndi mapasiwedi motsutsana ndi nkhokwe yamaakaunti osokonekera, kuwonetsa chenjezo ngati mavuto apezeka kapena kuyesa kugwiritsa ntchito mapasiwedi ang'onoang'ono. Chekecho chimachitika motsutsana ndi nkhokwe yomwe ili ndi maakaunti opitilira 4 biliyoni omwe adawonekera m'malo osungidwa a ogwiritsa ntchito. Kusunga chinsinsi Chiyambi cha hashi chimatsimikiziridwa kumbali ya wogwiritsa ntchito, ndipo mawu achinsinsi okha ndi ma hashes awo onse samafalitsidwa kunja.
- Ikupezekanso mu mtundu wa Android batani la "Check Safety" ndi njira yowongoleredwa yodzitchinjiriza kumasamba oopsa (Kusakatula Kotetezedwa Kwapamwamba). Batani la "Check Safety" likuwonetsa chidule cha zovuta zachitetezo, monga kugwiritsa ntchito mawu achinsinsi osokonekera, momwe mungayang'anire masamba oyipa (Kusakatula Kwachitetezo), kupezeka kwa zosintha zosatulutsidwa, komanso kuzindikiritsa zoonjeza zoyipa. Chitetezo chapamwamba chimatsegula macheke owonjezera kuti atetezedwe ku chinyengo, zochita zoyipa ndi ziwopsezo zina zapaintaneti, ndikuphatikizanso chitetezo china pa akaunti yanu ya Google ndi ntchito za Google (Gmail, Drive, ndi zina). Ngati cheke mumayendedwe a Safe Browsing amachitidwa kwanuko pogwiritsa ntchito database yomwe imayikidwa nthawi ndi nthawi pamakina a kasitomala, ndiye mu Kusakatula Kwachitetezo Chowonjezera zambiri zamasamba ndi kutsitsa munthawi yeniyeni zimatumizidwa kuti zitsimikizidwe ku mbali ya Google, zomwe zimakupatsani mwayi woyankha mwachangu ziwopsezo zitangodziwika, osadikirira mpaka mndandanda wakuda wamba usinthidwa.
- kuthandizira fayilo yowonetsera ".well-known/change-password", yomwe eni ake atsamba angatchule adilesi ya fomu yapaintaneti kuti musinthe mawu achinsinsi. Ngati zidziwitso za wogwiritsa ntchito zisokonezedwa, Chrome tsopano iuza wogwiritsa ntchito fomu yosinthira mawu achinsinsi potengera zomwe zili mufayiloyi.
- Chenjezo latsopano la "Safety Tip" lakhazikitsidwa, lowonetsedwa potsegula malo omwe dera lawo likufanana kwambiri ndi malo ena ndipo heuristics imasonyeza kuti pali kuthekera kwakukulu kwa spoofing (mwachitsanzo, goog0le.com imatsegulidwa m'malo mwa google.com).
- kuthandizira pa cache ya Back-forward, yomwe imapereka kuyenda pompopompo mukamagwiritsa ntchito mabatani a "Back" ndi "Forward" kapena mukamayang'ana masamba omwe adawonedwa kale atsambali. Cache imathandizidwa pogwiritsa ntchito chrome://flags/#back-forward-cache setting.
- Kukhathamiritsa kwa kugwiritsa ntchito zida za CPU ndi windows kwachitika
kunja kwa malo. Chrome imayang'ana ngati zenera la msakatuli likupinidwa ndi mazenera ena ndikuletsa kujambula ma pixel m'malo omwe akudutsana. Kukhathamiritsa uku kudayatsidwa kwa anthu ochepa omwe amagwiritsa ntchito Chrome 84 ndi 85 ndipo tsopano akuyatsidwa kulikonse. Poyerekeza ndi zotulutsa zam'mbuyomu, kusagwirizana ndi machitidwe owoneka bwino omwe adapangitsa kuti masamba oyera opanda kanthu awonekere kwathetsedwa. - Kuchulukitsitsa kwazinthu zama tabu zakumbuyo. Ma tabu oterowo sangathenso kupitilira 1% yazinthu za CPU ndipo satha kutsegulidwa osapitilira kamodzi pamphindi. Pambuyo pa mphindi zisanu kukhala kumbuyo, ma tabo amawumitsidwa, kupatula ma tabo omwe akusewera ma multimedia kapena kujambula.
- Gwirani ntchito HTTP mutu User-Agent. Mu mtundu watsopano, chithandizo cha makinawa chimatsegulidwa kwa ogwiritsa ntchito onse , yopangidwa m'malo mwa User-Agent. Njira yatsopanoyi imaphatikizapo kubwezera deta yokhudzana ndi osatsegula ndi machitidwe (mtundu, nsanja, ndi zina zotero) pokhapokha atapempha ndi seva ndikupatsa mwayi kwa ogwiritsa ntchito kuti apereke chidziwitso choterocho kwa eni ake. Mukamagwiritsa ntchito Maupangiri a Makasitomala Ogwiritsa Ntchito, chizindikiritso sichimaperekedwa mwachisawawa popanda pempho lachindunji, zomwe zimapangitsa kuti zizindikiritso zapang'onopang'ono zisatheke (mwachisawawa, dzina la osatsegula lokha limawonetsedwa).
- Chizindikiro cha kukhalapo kwa zosintha komanso kufunika koyambitsanso msakatuli kuti muyike zasinthidwa. M'malo mwa muvi wachikuda, "Sinthani" tsopano ikuwoneka mu gawo la avatar ya akaunti.
- Ntchito yachitika kuti asinthe osatsegula kuti agwiritse ntchito mawu ophatikiza. M'mayina a ndondomeko, mawu oti "whitelist" ndi "blacklist" asinthidwa ndi "ollowlist" ndi "blocklist" (ndondomeko zomwe zawonjezeredwa kale zidzapitiriza kugwira ntchito, koma zidzawonetsa chenjezo la kuchotsedwa). MU ΠΈ zolozera ku "blacklist" zasinthidwa ndi "blocklist".
Mauthenga owoneka ndi ogwiritsa ntchito a "blacklist" ndi "whitelist" adasinthidwa kumayambiriro kwa 2019. - Anawonjezera luso loyesera kusintha mawu achinsinsi osungidwa, otsegulidwa pogwiritsa ntchito mbendera ya "chrome://flags/#edit-passwords-in-settings".
- Adasinthidwa kukhala API yokhazikika komanso yapagulu , zomwe zimakupatsani mwayi wopanga mapulogalamu a pa intaneti omwe amalumikizana ndi mafayilo amafayilo am'deralo. Mwachitsanzo, API yatsopano ikhoza kufunidwa m'malo otukuka ophatikizidwa ndi osatsegula, zolemba, zithunzi ndi makanema osintha. Kuti muthe kulemba mwachindunji ndi kuwerenga mafayilo kapena kugwiritsa ntchito ma dialogs kuti mutsegule ndi kusunga mafayilo, komanso kuti muyang'ane zomwe zili m'mabuku, pulogalamuyi imapempha wogwiritsa ntchito chitsimikiziro chapadera.
- Wosankha CSS "", yomwe imagwiritsa ntchito ma heuristics omwe asakatuli amagwiritsa ntchito posankha kuwonetsa chizindikiro chosinthira (posunthira kuyang'ana pa batani pogwiritsa ntchito njira zazifupi za kiyibodi, chizindikirocho chimawonekera, koma mukadina ndi mbewa, sichitero). Chosankha cha CSS chomwe chinalipo kale ":focus" nthawi zonse chimayang'ana kwambiri.
Kuphatikiza apo, njira ya "Quick Focus Highlight" yawonjezedwa pazosintha, ikayatsidwa, chizindikiro chowonjezera chidzawonetsedwa pafupi ndi zinthu zomwe zikugwira ntchito, zomwe zimawonekerabe ngakhale zitakhala kuti mawonekedwe owunikira amawumitsidwa patsamba. CSS. - Ma API angapo atsopano awonjezedwa ku Origin Trials mode (zoyeserera zomwe zimafunikira kuyatsa kosiyana). Origin Trial amatanthauza kuthekera kogwira ntchito ndi API yotchulidwa kuchokera ku mapulogalamu omwe adatsitsidwa kuchokera ku localhost kapena 127.0.0.1, kapena mutalembetsa ndi kulandira chizindikiro chapadera chomwe chili chovomerezeka kwa nthawi yochepa pa tsamba linalake.
- pazida zotsika za HID (zida zowonetsera anthu, kiyibodi, mbewa, ma gamepads, mapanelo okhudza), kukulolani kuti mugwiritse ntchito malingaliro ogwirira ntchito ndi chipangizo cha HID ku JavaScript kuti mukonzekere ntchito ndi zida za HID osowa popanda kukhalapo kwa madalaivala enieni. mu dongosolo.
Choyamba, API yatsopano ikufuna kupereka chithandizo cha masewera a masewera. - , imakulitsa Window Placement API kuti ithandizire masanjidwe amitundu yambiri. Mosiyana ndi zenera.screen, API yatsopano imakulolani kuti mugwiritse ntchito kuyika kwazenera mu malo onse owonetsera mawonedwe ambiri, popanda kungokhala pazithunzi zamakono.
- Meta tag , yomwe tsambalo lingadziwitse osatsegula za kufunika koyambitsa mitundu kuti muchepetse kugwiritsa ntchito mphamvu ndikuwongolera kuchuluka kwa CPU.
- API kufotokoza zophwanya malamulo odzipatula (COEP) ndi (COOP), popanda kugwiritsa ntchito zoletsa zenizeni.
- Mu API mtundu watsopano wa zidziwitso waperekedwa , kupereka chitsimikizo chowonjezera cha ntchito yolipira yomwe ikuchitika. Chipani chodalira, monga banki, chimatha kupanga kiyi yapagulu, PublicKeyCredential, yomwe ingapemphedwe ndi wamalonda kuti atsimikizire zolipira zowonjezera.
- pazida zotsika za HID (zida zowonetsera anthu, kiyibodi, mbewa, ma gamepads, mapanelo okhudza), kukulolani kuti mugwiritse ntchito malingaliro ogwirira ntchito ndi chipangizo cha HID ku JavaScript kuti mukonzekere ntchito ndi zida za HID osowa popanda kukhalapo kwa madalaivala enieni. mu dongosolo.
- Mu API kudziwa kupendekeka kwa cholembera, thandizo lawonjezeredwa kwa ngodya zautali (ngodya pakati pa cholembera ndi chophimba) ndi azimuth (ngodya pakati pa X olamulira ndi kuwonetsera kwa cholembera pazenera), m'malo mwa TiltX ndi TiltY ngodya (makona pakati pa ndege kuchokera ku cholembera ndi imodzi mwa nkhwangwa ndi ndege kuchokera ku Y ndi Y axs Z). Komanso anawonjezera ntchito kutembenuka pakati okwera/azimuth ndi TiltX/TiltY.
- Anasintha kabisidwe ka malo mu ma URL powerengera mu ma protocol handlers - njira ya navigator.registerProtocolHandler() tsopano ilowa m'malo ndi "%20" m'malo mwa "+", yomwe imagwirizanitsa machitidwe ndi asakatuli ena monga Firefox.
- Wowonjezera CSS pseudo-element "", zomwe zimakulolani kuti musinthe mtundu, kukula, mawonekedwe ndi mtundu wa manambala ndi mfundo za mindandanda mu midadada Ndipo .
- Thandizo la mutu wowonjezera wa HTTP , malamulo opezera zikalata, zofanana ndi njira yodzipatula ya sandbox ya iframes, koma yapadziko lonse lapansi. Mwachitsanzo, kudzera mu Document-Policy mutha kuchepetsa kugwiritsa ntchito zithunzi zotsika, kuletsa JavaScript APIs pang'onopang'ono, sinthani malamulo otsitsa ma iframe, zithunzi ndi zolemba, kuchepetsa kukula kwa chikalata chonse ndi kuchuluka kwa magalimoto, kuletsa njira zomwe zimatsogolera pakujambulanso tsamba, kuletsa. ntchito .
- Kuti element anawonjezera thandizo la 'inline-grid', 'grid', 'inline-flex' ndi 'flex' magawo omwe akhazikitsidwa kudzera pa 'chiwonetsero' cha CSS.
- Njira yowonjezera kusintha ana onse a makolo ndi mfundo ina ya DOM. M'mbuyomu, mutha kugwiritsa ntchito kuphatikiza kwa node.removeChild() ndi node.append() kapena node.innerHTML ndi node.append() kusintha ma node.
- mitundu yosiyanasiyana ya ma URL omwe amaloledwa kuchotsedwa pogwiritsa ntchito registerProtocolHandler(). Mndandanda wa ziwembu umaphatikizapo ma protocol a decentralized cabal, dat, did, dweb, ethereum, hyper, ipfs, ipns ndi ssb, zomwe zimakulolani kufotokozera maulalo kuzinthu mosasamala kanthu za malo kapena chipata chopereka mwayi wopeza gwero.
- Mu API onjezerani chithandizo chamtundu wa malemba/html pokopera ndi kumata HTML kudzera pa bolodi (zomangamanga zowopsa za HTML zimayeretsedwa polemba ndikuwerenga pa bolodi). Kusintha, mwachitsanzo, kumakupatsani mwayi wokonza zoyika ndi kukopera zolemba zojambulidwa ndi zithunzi ndi maulalo mu okonza masamba.
- Mu WebRTC Kutha kulumikiza zosamalira zanu zomwe zimatchedwa pagawo la encoding kapena decoding la WebRTC MediaStreamTrack. Mwachitsanzo, kuthekera uku kutha kugwiritsidwa ntchito powonjezera chithandizo cha kubisa komaliza mpaka kumapeto kwa data yomwe imafalitsidwa kudzera pa ma seva apakatikati.
- Mu injini ya JavaScript V8 ndi 75% kukhazikitsa Number.prototype.toString. Wowonjezera .name katundu ku makalasi asynchronous ndi mtengo wopanda kanthu. Njira ya Atomics.wake yachotsedwa, yomwe nthawi ina inasinthidwa kukhala Atomics.dziwitsani kuti zigwirizane ndi ndondomeko ya ECMA-262. Khodi ya zida zoyeserera zoyezetsa yatsegulidwa .
- The Liftoff baseline compiler ya WebAssembly, yomwe idatulutsidwa komaliza, ikuphatikiza kuthekera kogwiritsa ntchito malangizo a vector. kufulumizitsa kuwerengera. Kutengera mayesowo, kukhathamiritsa kudapangitsa kuti zitheke kufulumizitsa mayeso ena nthawi 2.8. Kukhathamiritsa kwina kunapangitsa kuti ikhale yachangu kwambiri kuyimba ntchito za JavaScript zochokera ku WebAssembly.
- zida zopangira mawebusayiti: Gulu la Media lawonjezera zambiri za osewera omwe amagwiritsidwa ntchito kusewera makanema patsambalo, kuphatikiza zomwe zidachitika, zipika, mitengo ya katundu, ndi magawo osinthira mafelemu (mwachitsanzo, mutha kudziwa zomwe zimayambitsa kutayika kwa chimango ndi zovuta zolumikizana. kuchokera ku JavaScript).
Pazosankha za gulu la Elements, kuthekera kopanga zowonera zomwe mwasankha kwawonjezedwa (mwachitsanzo, mutha kupanga chithunzi chazomwe zili mkati kapena tebulo).
Patsamba lawebusayiti, gulu lochenjeza zavuto lasinthidwa ndi uthenga wokhazikika, ndipo mavuto omwe ali ndi ma Cookies a chipani chachitatu amabisika mwachisawawa mu tabu ya Nkhani ndipo amayatsidwa ndi bokosi lapadera.
Mu tabu yoperekera, batani la "Letsani mafonti am'deralo" lawonjezedwa, lomwe limakupatsani mwayi woyerekeza kusowa kwa mafonti am'deralo, ndipo pa Sensor tabu mutha kutengera kusagwiritsa ntchito kwa ogwiritsa ntchito (pazogwiritsa ntchito pogwiritsa ntchito Idle Detection API).
Gulu la Application limapereka zambiri za iframe iliyonse, zenera lotseguka, ndi pop-up, kuphatikiza zambiri za kudzipatula kwa Cross-Origin pogwiritsa ntchito COEP ndi COOP.
- kusintha kwa protocol ku njira yomwe idapangidwa mu IETF, m'malo mwa Google QUIC.
Kuphatikiza pazatsopano ndi kukonza zolakwika, mtundu watsopano umatha . Zofooka zambiri zidadziwika chifukwa choyesa makina pogwiritsa ntchito zida , , , ΠΈ . Chiwopsezo chimodzi (CVE-2020-15967, mwayi wamakumbukidwe omasulidwa mu code yolumikizirana ndi Google Payments) amalembedwa kuti ndizovuta, mwachitsanzo. imakupatsani mwayi wodutsa magawo onse achitetezo cha asakatuli ndikuchita ma code pa system kunja kwa sandbox. Monga gawo la pulogalamu yolipira mphotho zandalama pozindikira zovuta zomwe zatulutsidwa pano, Google idapereka mphotho 27 zokwana $71500 (mphotho imodzi ya $15000, mphotho zitatu za $7500, mphotho zisanu za $5000, mphotho ziwiri za $3000, mphotho imodzi ya $200, ndi mphotho ziwiri za $500). Kukula kwa mphotho 13 sikunadziwikebe.
Source: opennet.ru