Phatlalatso ea Chrome 79

Google hlahisoa ho lokolloa ha sebatli sa marang-rang Chrome 79... Ka nako e le nngwe fumaneha tokollo e tsitsitseng ea morero oa mahala Chromium, e leng motheo oa Chrome. Sebatli sa Chrome fapaneng ts'ebeliso ea li-logos tsa Google, boteng ba sistimi ea ho romella litsebiso maemong a kotsi, bokhoni ba ho jarolla module ea Flash ha o e kopa, li-module tsa ho bapala litaba tsa video tse sirelelitsoeng (DRM), sistimi ea ho kenya liapdeite le phetisetso ka bo eona nakong ea ho batla. Litekanyetso tsa RLZ. Phallo e latelang ea Chrome 80 e reriloe ka la 4 Hlakubele.

ka sehloohong fetola в Chrome 79:

• butsoe Karolo ea ho Hlahloba Liphasewete, e etselitsoeng ho sekaseka matla a li-password tse sebelisoang ke mosebelisi. Ha u leka ho kena sebakeng sefe kapa sefe sa Tlhahlobo ea Password phethahatsa ho hlahloba ho kena le password khahlanong le database ea li-account tse senyehileng ka temoso haeba mathata a fumanoa (ho hlahloba ho etsoa ho ipapisitse le sehlomathiso sa hash lehlakoreng la mosebelisi). Cheke e etsoa khahlano le database e koahelang liak'haonte tse fetang limilione tse 4 tse senyehileng tse hlahang litsing tsa polokelo tsa basebelisi tse lutiloeng. Temoso e boetse e hlahisoa ha u leka ho sebelisa li-passwords tse sa reng letho joalo ka "abc123". Ho laola ho kenyelletsoa ha Password Checkup, ho kentsoe tlhophiso e khethehileng karolong ea "Sync and Google Services".
• Theknoloji e ncha ea ho lemoha phishing ka nako ea sebele e hlahisoa. Nakong e fetileng, netefatso e ne e etsoa ka ho fumana manane a thibollotsoeng sebakeng sa heno a Safe Browsing, a neng a nchafatsoa hoo e ka bang hanngoe metsotsong e meng le e meng e 30, e ileng ea bonahala e sa lekana, mohlala, maemong a ho feto-fetoha ha sebaka khafetsa ke bahlaseli. Mokhoa o mocha o u lumella ho hlahloba li-URL ha u fofa ka tlhahlobo ea pele khahlanong le li-whitelists tse kenyelletsang li-hashes tse likete tsa libaka tse tsebahalang tse tšepahalang. Haeba sebaka sa marang-rang se ntseng se buloa se le sieo lethathamong le lesoeu, sebatli se hlahloba URL ho seva sa Google, se fetisetsa likotoana tsa pele tse 32 tsa SHA-256 hash ea sehokelo, moo data ea motho e ka bang teng e khaoloang. Ho ea ka Google, mokhoa o mocha o ka ntlafatsa katleho ea litemoso bakeng sa libaka tse ncha tsa phishing ka 30%.
• E kentse ts'ireletso e matla khahlanong le phetisetso ea mangolo-tsoibila a Google le li-password life kapa life tse bolokiloeng ho molaoli oa password ka maqephe a phishing. Haeba u leka ho kenya phasewete e bolokiloeng sebakeng sa marang-rang moo password eo e sa sebelisoeng hangata, mosebelisi o tla lemosoa ka ketso e ka bang kotsi.
• Lihokelo tse sebelisang TLS 1.0 le 1.1 joale li bonts'a sesupo sa khokahano e sa sireletsehang. Tšehetsa TLS 1.0 le 1.1 ka botlalo e tla holofala ho Chrome 81, e reretsoeng ka la 17 Hlakubele 2020.
• E kentse bokhoni ba ho emisa li-tab tse sa sebetseng, e u lumellang hore u itokolle ka bo eona ho tsoa ho li-tab tsa memori tse bileng ka morao nako e fetang metsotso e 5 mme u sa etse liketso tsa bohlokoa. Qeto mabapi le ho tshwaneleha ha tabo e itseng bakeng sa serame e etswa ho itshetlehile hodima heuristics. Ho bulela tšebetso ho laoloa ka "chrome://flags/#proactive-tab-freeze".
• Sireletsehile Ho thibela litaba tse tsoakiloeng maqepheng a butsoeng holim'a HTTPS ho netefatsa hore maqephe a butsoeng ho https:// a na le lisebelisoa feela tse kentsoeng mocha oa puisano o sireletsehileng. Leha mefuta e kotsi ka ho fetesisa ea litaba tse tsoakiloeng, joalo ka lingoloa le li-iframe, li se li thibiloe ke kamehla, litšoantšo, lifaele tsa audio le livideo li ntse li ka khoasolloa ka http://. Letšoao la litaba tse tsoakiloeng tse neng li sebelisoa pele bakeng sa likenyelletso tse joalo li fumanoe li sa sebetse ebile li khelosa mosebelisi, kaha ha li fane ka tlhahlobo e hlakileng ea ts'ireletso ea leqephe. Ka mohlala, ka ho senya litšoantšo, mohlaseli a ka kenya Li-cookies tsa ho lata, a leka ho sebelisa hampe bofokoli ho li-processor tsa litšoantšo, kapa a etsa bolotsana ka ho fetola boitsebiso bo fanoeng setšoantšong. Ho thibela ho koala ha likarolo tse tsoakiloeng, ho kenyelelitsoe tlhophiso e khethehileng, e ka fumanoang ka menu e hlahang ha u tobetsa letšoao la senotlolo.
• Bokhoni bo ekelitsoeng ba liteko tsa ho arolelana litaba tsa clipboard lipakeng tsa komporo ea komporo le mefuta ea mehala ea Chrome. Maemong a Chrome e hokahaneng le ak'haonte e le 'ngoe, joale u ka khona ho fihlella litaba tsa clipboard ea sesebelisoa se seng, ho kenyelletsa le ho arolelana clipboard lipakeng tsa mehala ea mehala le ea komporo. Litaba tsa clipboard li ngotsoe ka mokhoa o sireletsehileng ka mokhoa oa ho tloha ho isa qetellong, o thibelang ho fumana mongolo ho li-server tsa Google. Ts'ebetso e nolofalitsoe ka likhetho tsa chrome://flags#shared-clipboard-receiver, chrome://flags#shared-clipboard-ui le chrome://flags#sync-clipboard-service.
• Ka har'a bara ea aterese ka linako tse itseng (mohlala, ha u boloka phasewete) ha khokahano ea profil e koetsoe, ntle le avatar, lebitso la ak'haonte ea hajoale ea Google le hlahisoa e le hore mosebelisi a tsebe ho tseba ak'haonte e sebetsang hona joale.
• E buletsoe 1% ea basebelisi tšehetso "DNS holim'a HTTPS" (DoH, DNS holim'a HTTPS). Teko e kenyelletsa basebelisi feela bao litlhophiso tsa bona tsa sistimi li seng li hlalositse bafani ba DNS ba tšehetsang DoH. Mohlala, haeba mosebelisi a e-na le DNS 8.8.8.8 e boletsoeng litlhophisong tsa sistimi, tšebeletso ea Google DoH (“https://dns.google.com/dns-query”) e tla kengoa tšebetsong ho Chrome; haeba DNS e le 1.1.1.1. XNUMX, ebe tšebeletso ea DoH Cloudflare ("https://cloudflare-dns.com/dns-query"), joalo-joalo. Ho laola hore na DoH e lumelletsoe, ho fanoe ka litlhophiso tsa "chrome://flags/#dns-over-https". Mekhoa e meraro ea ts'ebetso e tšehelitsoe: e bolokehileng, e itirisang le e koetsoeng. Ka mokhoa o "sireletsehileng", ba amohelang baeti ba ikemiselitse feela ho ipapisitse le boleng bo bolokehileng bo neng bo bolokiloe pele (bo amohetsoeng ka khokahano e sireletsehileng) le likopo ka DoH; ho khutlela ho DNS e tloaelehileng ha e sebelisoe. Ka mokhoa oa "automatic", haeba DoH le cache e sireletsehileng li le sieo, data e ka fumanoa ho cache e sa sireletsehang 'me ea fumanoa ka DNS ea setso. Ka mokhoa oa "tima", cache e arolelanoang e qala ho hlahlojoa 'me haeba ho se na data, kopo e romelloa ka tsamaiso ea DNS.
• E kentse liteko tšehetso caching ea litaba tse hlahisitsoeng ha u fetola maqephe u sebelisa likonopo tse ka pele le tsa morao, tse ka fokotsang haholo tieho nakong ea mofuta ona oa ho tsamaea ka lebaka la "caching" e feletseng ea leqephe lohle, e sa hlokeng ho fana ka lisebelisoa le ho kenya lisebelisoa. Ntlafatso e bonahala haholo mofuta oa lisebelisoa tsa mehala, moo keketseho ea ts'ebetso nakong ea ho tsamaea e fihlang ho 19%. Mokhoa o lumelloa ho sebelisa khetho ea "chrome://flags#back-forward-cache".
• E hlakotsoe ho beha "chrome://flags/#omnibox-ui-hide-steady-state-url-scheme-and-subdomains", e neng e lumella ho khutlisa pontšo ea protocol bareng ea aterese (hona joale lihokelo tsohle li lula li bonts'oa ntle le https : // le http:/ /, hape ntle le "www.").
• Mehaho ea Windows e kenyelletsa sandboxing ea tšebeletso ea ho bapala molumo. Ho laola hore na ho itšehla thajana ho lumelletsoe, ho hlahisoa thepa ea AudioSandboxEnabled.
• Lisebelisoa tsa tsamaiso tse bohareng bakeng sa likhoebo li kenyelletsa bokhoni ba ho hlalosa melao e laolang hore na mohlala oa sebatli o ka sebelisa memori e kae pele li-tab tsa morao-rao li laolloa. Mehopolo e lokollotsoeng ka mor'a ho laolla tabo e ba teng bakeng sa tšebeliso, 'me likahare tsa tab li laeloa hape ha u fetohela ho eona.
• Linux e sebelisa processor ea netefatso ea setifikeiti e hahelletsoeng, e nkang sebaka sa sistimi ea NSS e neng e sebelisoa pele. Tabeng ena, processor e hahelletsoeng e ntse e tsoela pele ho sebelisa lebenkele la NSS nakong ea netefatso, empa e beha litlhoko tse thata ho feta ha e sebetsana le litifikeiti tse netefalitsoeng ka mokhoa o fosahetseng le tse netefalitsoeng ka thoko (litifikeiti tsohle li tlameha ho netefatsoa ke bolaoli ba setifikeiti).
• Phetolelong ea sethaleng sa Android eketsoe bokhoni ba ho abela li-icon tsa adapta bakeng sa lits'ebetso tse kentsoeng tsa webo tse sebetsang ka mokhoa oa Progressive Web Apps (PWA). Li-icon tsa Adaptive li ka ikamahanya le sebopeho se sebelisoang ke moetsi oa sesebelisoa, mohlala, se chitja, se sekwere, kapa se na le likhutlo tse boreleli.
• E kentsoe API Sesebelisoa sa WebXR, e fanang ka phihlello ea likarolo tsa ho theha 'nete ea nnete le e ntseng e eketseha. API e u lumella ho kopanya mosebetsi ka lihlopha tse fapaneng tsa lisebelisoa, ho tloha ho li-headsets tsa 'nete tse emeng joalo ka Oculus Rift, HTC Vive le Windows Mixed Reality, ho isa litharollong tse thehiloeng ho lisebelisoa tsa mohala tse kang Google Daydream View le Samsung Gear VR. Likopo tseo API e ncha e ka sebetsang ho tsona li kenyelletsa mananeo a ho shebella video ka mokhoa oa 360 °, mekhoa ea ho bona sebaka se nang le mahlakore a mararo, ho theha libaesekopo tsa sebele bakeng sa pontšo ea video, ho etsa liteko tsa ho theha li-interface tsa 3D bakeng sa mabenkele le li-galleries;
  

• Mokhoeng oa Liteko tsa Origin (likarolo tsa liteko tse hlokang ho arohana kenya tshebetsong) ho hlahisitsoe li-API tse ncha tse 'maloa. Teko ea Origin e bolela bokhoni ba ho sebetsa le API e boletsoeng ho tsoa lits'ebetsong tse jarollotsoeng ho tsoa ho localhost kapa 127.0.0.1, kapa ka mor'a ho ngolisa le ho amohela token e khethehileng e sebetsang ka nako e lekanyelitsoeng bakeng sa sebaka se itseng.
  • Bakeng sa likarolo tsohle tsa HTML, ho hlahisoa tšobotsi ea "rendersubtree", e tiisang hore pontšo ea karolo ea DOM e tsitsitse. Ho beha tšobotsi ho "sa bonahaleng" ho tla thibela litaba tsa element hore li sebelisoe kapa li hlahlojoe, e leng ho lumellang phetolelo e ntlafalitsoeng. Ha e behiloe ho "activatable", sebatli se tla tlosa tšobotsi e sa bonahaleng, se fane ka litaba ebe se etsa hore se bonahale.
  • Khetho ea API e ekelitsoeng Tsoha senotlolo e ipapisitse le mochini oa Ts'episo, o fanang ka mokhoa o sireletsehileng haholoanyane oa ho laola ho holofala ha li-skrini tsa auto-lock le ho fetola lisebelisoa ho mekhoa ea ho boloka matla.
• E kenyelelitse bokhoni ba ho sebelisa tšobotsi autofocus bakeng sa likarolo tsohle tsa HTML le SVG tse ka tsepamisang maikutlo.
• Bakeng sa litšoantšo le livideo sireletsoa Bala palo-karolelano ho ipapisitsoe le Bophara kapa Bophahamo, e ka sebelisoang ho tseba boholo ba setšoantšo u sebelisa CSS sethaleng ha setšoantšo se e-so be teng (ho rarolla bothata ba ho aha leqephe bocha kamora hore litšoantšo li kenngoe).
• E kentse thepa ea CSS font-Optical-moleposelekanyi, e behang ka bo eona boholo ba fonte bo fapaneng ho likhokahano tsa optical "opsz", haeba fonte e ba tšehetsa. Mokhoa o u lumella ho khetha sebopeho se nepahetseng sa glyph bakeng sa boholo bo boletsoeng, mohlala, sebelisa li-glyph tse fapaneng bakeng sa lihlooho.
• E kentse thepa ea CSS mofuta oa lethathamo, e u lumellang hore u sebelise matšoao leha e le afe ho e-na le linako tse mananeng, mohlala, “-“, “+”, “★” le “▸”.
• Haeba ho ke ke ha khoneha ho phethahatsa Worklet.addModule (), ntho e se e khutlisetsoa ka lintlha tse qaqileng mabapi le mofuta oa phoso, e leng se u lumellang hore u hlahlobe ka nepo sesosa sa phoso (mathata a khokahanyo ea marang-rang, syntax e fosahetseng, joalo-joalo). .).
• E emisitse ho sebetsa lintho при их перемещении между документами. При переносе между документами также отключено выполнение связанных со скриптом событий «error» и «load».
• Ka JavaScript enjene V8 e entsoe Ntlafatso ea ho sebetsana le liphetoho ho boemeli ba masimo linthong, ho fella ka ts'ebetso ea khoutu ea AngularJS ka har'a tlhahlobo ea Speedometer e sebetsang ka lebelo la 4%.
  

• V8 e boetse e ntlafatsa ts'ebetso ea li-getters tse hlalositsoeng ho li-API tse hahelletsoeng, joalo ka Node.nodeType le Node.nodeName, ha ho se na IC handler (inline caching). Phetoho e fokolitse nako e sebelisitsoeng ho IC nako ea ho sebetsa ka hoo e ka bang 12% ha ho etsoa liteko tsa Backbone le jQuery ho tloha ho Speedometer suite.
  

• Liphetho tsa mochini oa OSR (o bitsoang on-stack replacement) o bolokiloe, o nkang khoutu e ntlafalitsoeng nakong ea ts'ebetso (e o lumella ho qala ho sebelisa khoutu e ntlafalitsoeng bakeng sa mesebetsi e nkang nako e telele ntle le ho emela hore e sebetse hape). Caching ea OSR e etsa hore ho khonehe ho sebelisa liphetho tsa optimization ha o etsa ts'ebetso hape, ntle le tlhoko ea ho ntlafatsa bocha.
  Litekong tse ling, phetoho e ekelitse ts'ebetso ea tlhoro ka 5-18%.
  

• Liphetoho ho lisebelisoa bakeng sa baetsi ba marang-rang:
  E hlahile mokhoa oa ho lokisa liphoso ho fumana mabaka a ho thibela kopo kapa ho romella Cookie.
  
  • Sebokeng se nang le lenane la Li-cookie, bokhoni ba ho sheba ka potlako boleng ba Cookie e khethiloeng bo ekelitsoe ka ho tobetsa mohala o itseng.
    

  • E kentse bokhoni ba ho etsisa litlhophiso tse fapaneng bakeng sa meralo ea khetho ea mebala-bala le lipotso tsa media tse ratoang-tse fokotsoang (mohlala, ho leka boitšoaro ba leqephe ka theme ea sistimi e lefifi kapa litlamorao tse koetsoeng).
    

  • Moralo oa leqephe la Coverage o ntlafalitsoe, o o lumella ho lekola khoutu e sebelisitsoeng mme e sa sebelisoe. E kentse bokhoni ba ho sefa tlhahisoleseling ka mofuta oa eona (JavaScript, CSS). Tlhahisoleseding ya tshebediso ya khoutu le yona e a eketswa ha o hlahisa mongolo wa mohlodi.
    

  • E ekelitse bokhoni ba ho lokisa mabaka a ho kopa mohloli o itseng oa marang-rang ka mor'a ho rekota ts'ebetso ea marang-rang (o ka sheba mohlala oa mohala oa khoutu oa JavaScript o lebisitseng ho jarollotsoeng ha sesebelisoa).
    

  • E kenyellelitsoe "Litlhophiso> Likhetho> Mehloli> Sebopeho sa Default Indentation" ho fumana mofuta oa indentation (libaka tsa 2/4/8 kapa li-tab) khoutu e bonts'itsoeng ho liphanele tsa Console le Mehloli.

Ntle le boqapi le litokiso tsa liphoso, mofuta o mocha o tlosa bofokoli ba 51. Bofokoli bo bongata bo ile ba bonoa ka lebaka la tlhahlobo e ikemetseng e sebelisang AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer le lisebelisoa tsa AFL. Litaba tse peli (CVE-2019-13725, ho fihlella memori e seng e lokolotsoe ka khoutu bakeng sa tšehetso ea Bluetooth, le CVE-2019-13726, qubu e phallang ho mookameli oa password) e tšoauoa e le ea bohlokoa, ke hore. e u lumella ho feta maemo ohle a ts'ireletso ea sebatli le ho kenya khoutu ho sistimi e kantle ho tikoloho ea sandbox. Lena ke lekhetlo la pele hore mathata a mabeli a bohlokoa a fumanoe ka har'a potoloho e tšoanang ea ntlafatso ho Chrome. Kotsi ea pele e ile ea fumanoa ke bafuputsi ba Tencent Keen Security Lab le bontshitse tlhōlisanong ea Tianfu Cup, 'me ea bobeli e fumanoe ke Sergei Glazunov ho tloha Google Project Zero.

E le karolo ea lenaneo la moputso oa chelete bakeng sa ho sibolla bofokoli bakeng sa tokollo ea hajoale, Google e lefile likhau tse 37 tse jang $80000 (khau e le 'ngoe ea $20000, khau e le 'ngoe ea $10000, likhau tse peli tsa $7500, likhau tse 'nè tsa $5000, khau e le 'ngoe ea $3000, likhau tse peli tsa $2000 le $1000 tse peli. $500 likhau). Boholo ba meputso e 15 ha bo so tsejoe.

Source: opennet.ru