Giorgio Maone, mashruuc abuuray , Siideynta ugu horreysa ee wax-ku-darka browserka Chrome-ka ayaa diyaar u ah in la tijaabiyo. Dhismuhu wuxuu u dhigmaa nooca 10.6.1 ee Firefox waxaana la suurtageliyay iyada oo ay ugu wacan tahay wareejinta laanta NoScript 10 ee farsamada WebExtension. Sii daynta Chrome waxay ku jirtaa heerka beta iyo si aad uga soo dejiso Bakhaarka Mareegta Chrome. NoScript 11 ayaa la qorsheeyay in la sii daayo dhammaadka Juunyo, taas oo noqon doonta sii-deynta ugu horreysa ee taageerada xasilloon ee Chrome/Chromium.
Ku-darka loogu talagalay in lagu xannibo koodka JavaScript ee khatarta ah iyo kuwa aan la rabin, iyo sidoo kale noocyada kala duwan ee weerarrada (, , , ), oo loo adeegsaday qayb ka mid ah Tor Browser-ka iyo qaybin badan oo ku jihaysan sirta. Waxaa la xusay in muuqaalka version ee Chrome uu yahay marxalad muhiim ah horumarinta mashruuca - hadda waa la mideeyey waxaana loo isticmaali karaa in lagu abuuro shirar Firefox iyo browser-yada labadaba ku salaysan matoorka Chromium.
Mid ka mid ah farqiga u dhexeeya nooca tijaabada ah ee NoScript ee Chrome waa curyaaminta shaandhada XSS ee loo isticmaalo in lagu xannibo qoraalka goobta iyo beddelka koodka JavaScript ee qolo saddexaad. Ilaa ay sifadani ka bilaabato oo ay socoto, isticmaalayaashu waa in ay ku tiirsanaadaan Chrome-ka ku dhex dhisan ee XSS Auditor, kaas oo aan waxtar u lahayn sida Hubiyaha Durida NoScript. Shaandheeyaha XSS weli lama xawili karo sababtoo ah waxay u baahan tahay habayn codsi isku mid ah si uu u shaqeeyo. Hal mar, markii loo guurayo WebExtension, horumarinta Mozilla waxay ku hirgeliyeen API-gan qaar ka mid ah sifooyinka horumarsan ee lagama maarmaanka u ah NoScript, sida maamulayaasha asynchronous, kuwaas oo Google aan weli u wareejin Chrome.
Source: opennet.ru