Phatlalatso ea Chrome 75

Google hlahisoa ho lokolloa ha sebatli sa marang-rang Chrome 75... Ka nako e le nngwe fumaneha tokollo e tsitsitseng ea morero oa mahala Chromium, e leng motheo oa Chrome. Sebatli sa Chrome fapaneng ts'ebeliso ea li-logos tsa Google, bokhoni ba ho kenya mochini oa Flash ha ho hlokahala, boteng ba sistimi ea ho romella litemoso haeba ho ka senyeha, li-module tsa ho bapala litaba tsa video tse sirelelitsoeng (DRM), sistimi ea ntlafatso ea othomathike, le phetisetso ha ho batloa. Litekanyetso tsa RLZ. Phallo e latelang ea Chrome 76 e reriloe ka la 30 Phupu.

ka sehloohong fetola в Chrome 75:

• Ho mokhoa oa canvas.getContext(). eketsa folakha e "desynchronized" bakeng sa ho sebetsana le maemo a Canvas (2D kapa WebGL) ho sebelisoa mokhoa o mong oa ho fana o fanang ka tieho e fokolang ka ho feta mochine o tloaelehileng oa ntlafatso ea DOM le ho hlahisa ka ho toba ka OpenGL;
• Extended API kabelo ea webo (object navigator.share), ka thuso ea eona, ho e-na le lethathamo la likonopo tsa motho ka mong, o ka hlahisa konopo e kopaneng bakeng sa ho phatlalatsa marang-rang a sechaba a amanang le moeti. Tokollong e ncha ho API eketsoe bokhoni ba ho bonts'a moqoqo o tloaelehileng oa ho romella lifaele lits'ebetsong tse ling (mohlala, ho Android, block e bonts'oa ho romelloa ka poso, Bluetooth, joalo-joalo);
• E kentswe tshebetsong bokhoni ba ho arola lihlopha tsa linomoro ka li-terminal tsa dijithale tse nang le sebopeho sa underscore. Mohlala, ho ntlafatsa ho baloa ha lipalo tse kholo khoutu, o ka hlakisa 1_000_000_000 mme nomoro ena e tla sebetsoa joalo ka 1000000000;
• E nolofalitsoe ka ho sa feleng bakeng sa basebelisi bohle ba komporo mokhoa o thata oa ho itšehla thajana, moo maqephe a mabotho a fapaneng a lulang a le mohopolong oa lits'ebetso tse fapaneng, e 'ngoe le e' ngoe e sebelisang sandbox ea eona. Ntho e ka sehloohong ea mokhoa o tiileng oa ho itšehla thajana ke karohano eseng ka li-tab, empa ka libaka, i.e. haeba pejana litaba tsa mangolo, li-iframe le li-popups tse laetsoeng ho tsoa libakeng tse ling li ne li etsoa ka mokhoa o ts'oanang le sebaka sa motheo, joale li tla aroloa ka mekhoa e fapaneng;
• Li-add-on tse thathamisitsoeng ka har'a li-blacklist joale li tla tlosoa ka botlalo, ho e-na le ho holofatsoa le ho kenngoa mokhoeng o sa sebetseng.
• Ho mookameli oa mosebetsi o hahelletsoeng ka har'a Chrome (Litlhophiso> Lisebelisoa tse ling> Motsamaisi oa Mosebetsi) sireletsoa ho bontša basebeletsi ba Tšebeletso;
• E kentse tšobotsi ea "window.open()" ho "moferefere", e o lumellang ho bula leqephe ntle le ho tlatsa sehlooho sa Referer;
• E kentsoe ditaelo CSP (Content Security Policy) "script-src-attr", "script-src-elem", "style-src-attr", le "style-src-elem", e fanang ka ts'ebetso ea litaelo tsa mongolo le setaele, empa e ka sebelisoa ho batho ba sebetsanang le liketsahalo, likarolo, kapa litšobotsi;
• Ho Web Authentication API eketsoe tšehetso bakeng sa FIDO CTAP2 PIN ho sebelisa PIN e hlalositsoeng ke mosebelisi ho lumella ts'ebetso ka linotlolo tse tšehetsang protocol. FIDO CCAP2. Sebakeng sa configurator, karolong ea "E tsoetseng pele", ho hlahile ntho ea "Laola linotlolo tsa ts'ireletso", moo u ka abelang PIN khoutu ho sireletsa linotlolo tse fumanehang ho USB drive, hammoho le khetho ea ho tsosolosa senotlolo (ho hlakola lintlha tsohle le PIN);
• Lintho tse kentsoeng ho API ea Lipopae tsa Marang-rang
  AnimationEffect le KeyframeEffect, e o lumellang hore o laole likarolo tsa animated le nako (nako, tieho).
  Ho feta moo, ho kentsoe sehahi se secha animation(), e fanang ka taolo e pharalletseng ea lipopae. Nakong e fetileng, Web Animations API e ne e u lumella ho etsa animation ka mokhoa oa Element.animate(), o khutlisetsang ntho e seng e entsoe. Hona joale moqapi a ka laola pōpo ea eona ka mohala o hlakileng oa moetsi, oo, ka mohlala, o ka hlalosang ntho ea KeyframeEffect;

• Khetho e ekelitsoeng HTMLVideoElement.playsInlineA e bolellang sebatli ho bonts'a video sebakeng sa ho bapala sa element (mohlala, ho fana ka mokhoa oa ho bapala skrineng se felletseng);
• Mokhoa oa MediaStreamTrack.getCapabilities() o sebelisa bokhoni ba ho fumana mefuta e mengata ea boleng bo nepahetseng bakeng sa thepa e amanang le lisebelisoa tsa molumo (sekhahla sa sampole, ho lieha, palo ea liteishene, joalo-joalo);
• API e kentsoe ho WebRTC RTCDtlsTransport ho fumana tlhahisoleseling mabapi le lipalangoang tse sebetsang, joalo ka ts'ebeliso ea SCTP kapa DTLS (Datagram Transport Layer Security), eo lipakete tsa RTP le RTCP li romelloang kapa li amoheloang ka tsona. E boetse e kenyellelitsoe sebopeho sa RTCIceTransport ho fana ka tlhahisoleseling mabapi le boemo ba lipalangoang
  Li-ICE tse sebelisitsoeng ho ntho ea RTCPeerConnection;

• Sehlooho sa Cache-Control se sebelisa taelo "stale-ha-re-revalidate", e u lumellang hore u behe fensetere ea nako e eketsehileng eo ka eona sebatli se ka sebelisang sesebelisoa ka nako e felileng ea ho hlahloba bocha;
• E ekelitse bokhoni Tsamaisetsa Snap Stop ho fumana hore na ho tlamahane ho likaroloana nakong ea ho phenya ka inertial (mohlala, boitšisinyo bo pharaletseng ha u khetha lethathamong la litšoantšo ho tla fella ka khetho ea e seng ea ho qetela, empa e latelang);
• Mofuteng oa Android, sebopeho sa liparamente tsa ho tlatsa akhaonto ka mefuta ea netefatso se ntlafalitsoe. Sebaka sa tooltip se se se bontšoa ka ho toba ka holim'a keyboard e skrineng, 'me, ha e tobetse, e bonts'a likhetho tse bolokiloeng tse ka khonehang ho e-na le keyboard e skrineng, ntle le ho pata foromo ea ho kenya;
• Teko e kentsoeng bakeng sa Mokhoa oa ho Bala, ha e lumelletsoe, ho hlahisoa mongolo o nang le moelelo feela, 'me litaolo tsohle tse amanang, li-banner, menus, navigation bar, le likarolo tse ling tse sa amaneng le litaba tsa leqephe lia patoa. Ho nolofalletsa ts'ehetso bakeng sa mokhoa o mocha ho etsoa ke khetho ea chrome://flags/#enable-reader-mode, ka mor'a moo ntho ea ho e sebelisa e hlaha ho menu e theoha;
• Enjene ea V8 JavaScript e sebelisa caching e hlakileng ea liphetho tsa pokello ea WebAssembly (ha leqephe le buloa hape, likarolo tsa WebAssembly tse sebetsitsoeng pele li tla hlahisoa ho tsoa ho cache). IN
  WebAssembly e boetse e kentse memori e ncha.copy, memory.fill, table.copy, memory.init, le table.init litaelo tsa ho kopitsa, ho tlatsa, le ho qala libaka tse kholo tsa mohopolo;

• Tšehetso e ekelitsoeng bakeng sa ho arola ka ho toba mangolo a fofang ha a ntse a kopitsoa holim'a marang-rang ntle le ho kenyelletsa khoele e kholo ea Chrome. Nakong e fetileng, khoele e ile ea amoheloa ka lekhetlo la pele khoeleng e ka sehloohong, eo ho eona e ileng ea fetisetsoa ho mohlahlobi. Tokisetso ena e ne e bolela hore ho tsamaisa bocha ho ka thijoa ke mesebetsi e meng e sebetsang ho khoele e kholo, joalo ka ho fetisa HTML le ho kenya JavaScript e 'ngoe. Joale ho fetisoa ho joalo ho felisitsoe;
• Lintlafatso tsa lisebelisoa bakeng sa baetsi ba marang-rang:
  • Mokhoa oa ho hlahloba CSS o fana ka tlatsetso e ikemetseng bakeng sa mabitso le boleng ba lits'ebetso tse ka sebelisoang ho thepa ea CSS (mohlala, "filthara: blur(1px)"). Litekanyetso tse khothaletsoang li bonahala hang-hang ho sebopeho sa leqephe leo u le bonang;
    

  • Phanele ea litaelo e bonts'itsoeng ha u tobetsa Ctrl+Shift+P e sebelisa taelo ea "Clear Site Data" ho hlakola lintlha tsohle tse amanang le leqephe (tse tšoanang le ho letsetsa Kopo> Hlakola menu ea Storage), ho kenyeletsoa basebetsi ba Tšebeletso, LocalStorage, sessionStorage, IndexedDB, Web SQL, Cookies, Cache le Cache ea Kopo;
  • E ekelitse bokhoni ba ho sheba li-database tsohle tse teng tsa IndexedDB (pele, ho Kopo> IndexedDB, u ka sheba database bakeng sa sebaka sa hona joale, se neng se sa lumelle, ka mohlala, ho hlahloba tšebeliso ea IndexedDB ka li-blocks tse laetsoeng ka iframe);
    

  • Sebokeng sa tlhahlobo ea marang-rang, sesebelisoa se hlahang ha se ntse se phahama holim'a masimo a kholumong ea "Size" joale se bonts'a boholo ba sesebelisoa ka sebopeho sa sona sa mantlha, ntle le khatello;
    

  • The debugger sidebar e fana ka tlhahiso e arohaneng ea tlhahisoleseding mabapi le boemo ba li-breakpoints tse amanang le likarolo tsa motho ka mong tsa lipolelo tse rarahaneng moleng (inline breakpoint), mohlala, tse behiloeng ka mokhoa oa ho letsetsa mohala;
    

  • Liphanele tsa tlhahlobo ea IndexedDB le Cache, pontšo ea li-counters tsa palo eohle ea lisebelisoa ho database kapa cache e kenngoa ts'ebetsong;
    

• Ho aha Canary ea liteko eketsoe tšehetso
  phihlello ho DNS holim'a HTTPS (DoH, DNS holim'a HTTPS), e ka sebelisoang ho chrome://flags#dns-over-https. DoH e ka ba molemo bakeng sa ho thibela ho lutla ha tlhahisoleseling mabapi le mabitso a baamoheli a kopiloeng ka li-server tsa DNS tsa bafani, ho loants'a litlhaselo tsa MITM le DNS the traffic spoofing, ho hanela ho thibela boemo ba DNS, kapa ho hlophisa mosebetsi haeba ho ke ke ha khoneha ho fumana li-server tsa DNS ka kotloloho (mohlala, ha u sebetsa ka proxy);

Ntle le boqapi le litokiso tsa liphoso, mofuta o mocha oa felisa 42 bofokoli. Bofokoli bo bongata bo ile ba khetholloa ka lebaka la lisebelisoa tsa tlhahlobo tse ikemetseng AtereseSanitizer, MemorySanitizer, Laola Phallo Botšepehi, LibFuzzer и AFL. Ha ho litaba tse mahlonoko tse lumellang ho feta maemo ohle a ts'ireletso ea sebatli le khoutu ea ts'ebetso ka har'a sistimi e kantle ho tikoloho ea sandbox e khethiloeng. E le karolo ea lenaneo la Vulnerability Bounty bakeng sa tokollo ea hajoale, Google e lefile libonase tse 13 tsa boleng ba $9000 (bonase e le 'ngoe ea $5000, libonase tse peli tsa $1000, le libonase tse nne tsa $500). Chelete ea meputso e 7 ha e so tsejoe.

Source: opennet.ru