Chrome 76 yaive nayo a loophole mukushandiswa kweFileSystem API iyo inokubvumira kuti uone kubva kune web application kushandiswa kweiyo incognito mode. Kutanga neChrome 76, panzvimbo yekuvhara kupinda kweFilesSystem API, iyo yakashandiswa sechiratidzo cheIncognito mode chiitiko, browser haichabvumiri FileSystem API, asi inochenesa kuchinja kwakaitwa mushure memusangano. Sezvazvinoitika, iyo nyowani yekushandisa zvipingamupinyi zvinoita kuti zvikwanise kuona chiitiko cheincognito modhi sepakutanga.
Chinokosha chechinetso ndechokuti musangano ne FileSystem API mu incognito mode ndeyenguva pfupi, uye data haina kuchengetwa ku diski uye inochengetwa mu RAM. Zvichienderana, iyo nguva yekuchengetedza data kuburikidza neFileSystem API uye kutsauka kunomuka (kana uchichengetedza mu RAM, maitiro anogara achirekodhwa, nepo pakunyorera ku diski, kunonoka kunoshanduka) unogona kutonga nechivimbo kana peji iri kutariswa mune incognito mode kana kwete. . Kuipa kweiyi nzira ndeyekurebesa nzira yekuyera kutsauka, iyo inogona kugara ingangoita miniti ().
Panguva imwecheteyo, chimwezve chinhu chinoramba chisina kugadziriswa muChrome 76 , iyo inokutendera kuti utonge chiitiko cheincognito modhi zvichibva pakuongororwa kwezvirambidzo zvakaiswa kuburikidza neAPI. . Nokuda kwekuchengetedza kwenguva pfupi kunoshandiswa mu incognito mode, miganhu yakasiyana-siyana inogadziriswa pane yekuchengetedza yakazara pa diski.
Ngatikuyeuchidzei kuti masayiti anoshanda pamuenzaniso wekupa mukana wakazara kuburikidza nekubhadhara kwakabhadharwa (paywall) vanofarira kutsanangura incognito mode. Kukwezva vateereri vatsva, nzvimbo dzakadai dzinopa vashandisi vatsva demo yakazara yekuwana kwenguva yakati, iyo inoshingaira kushandiswa kudarika paywalls. Iyo iri nyore nzira yekuwana zvakabhadharwa zvemukati masisitimu akadaro ndeye kushandisa incognito mode, umo saiti inotenda kuti mushandisi akavhura peji kekutanga. Vaparidzi havasi kufara nemaitiro aya, saka vakashinga kushandisa loophole yakabatana neFileSystem API kuisa chinodiwa kudzima incognito mode kuti uenderere mberi nekutsvaga.
Source: opennet.ru