🥇Chrome 83 tokollo

Google hlahisoa ho lokolloa ha sebatli sa marang-rang Chrome 83... Ka nako e le nngwe fumaneha tokollo e tsitsitseng ea morero oa mahala Chromium, e leng motheo oa Chrome. Sebatli sa Chrome fapaneng ts'ebeliso ea li-logos tsa Google, boteng ba sistimi ea ho romella litsebiso maemong a kotsi, bokhoni ba ho jarolla module ea Flash ha o e kopa, li-module tsa ho bapala litaba tsa video tse sirelelitsoeng (DRM), sistimi ea ho kenya liapdeite le phetisetso ka bo eona nakong ea ho batla. Litekanyetso tsa RLZ. Ka lebaka la phetoho ea bahlahisi ba ho sebetsa ba le hae nakong ea seoa sa SARS-CoV-2 coronavirus, tokollo ea Chrome 82 e ile ea lieha. hlotsoe. Phallo e latelang ea Chrome 84 e reriloe ka la 14 Phupu.

ka sehloohong fetola в Chrome 83:

E qalile ho kenyeletsoa ka bongata "DNS holim'a HTTPS" mokhoa (DoH, DNS holim'a HTTPS) litsamaisong tsa basebelisi bao litlhophiso tsa bona tsa sistimi li hlakisang bafani ba DNS ba tšehetsang DoH (DoH ea mofani oa DNS ea tšoanang e tla lumelloa). Mohlala, haeba mosebelisi a e-na le DNS 8.8.8.8 e boletsoeng litlhophisong tsa sistimi, tšebeletso ea Google DoH (“https://dns.google.com/dns-query”) e tla kengoa tšebetsong ho Chrome; haeba DNS e le 1.1.1.1. XNUMX, ebe tšebeletso ea DoH Cloudflare ("https://cloudflare-dns.com/dns-query"), joalo-joalo. Ho felisa mathata ka ho rarolla li-intranete tsa khoebo, DoH ha e sebelisoe ha ho etsoa qeto ea tšebeliso ea sebatli ho litsamaiso tse laoloang ke setsi. DoH e boetse ea holofala ha tsamaiso ea batsoali e le teng.
Ho laola ts'ebetso ea DoH le ho fetola mofani oa DoH ho etsoa ka setlhophiso se tloaelehileng.
E khothalelitsoe новое sebopeho likarolo liforomo tsa marang-rang tse lokiselitsoeng ho sebelisoa li-touchscreens le litsamaiso tsa batho ba nang le bokooa. Moralo o ile oa ntlafatsoa ke Microsoft e le karolo ea nts'etsopele ea sebatli sa Edge mme oa fetisetsoa setsing sa mantlha sa khoutu ea Chromium. Pele, likarolo tse ling tsa sebopeho li ne li etselitsoe ho tsamaisana le likarolo tsa sistimi ea ts'ebetso, 'me tse ling li ne li etselitsoe ho ts'oana le mekhoa e tsebahalang haholo. Ka lebaka lena, likarolo tse fapaneng li ne li loketse ka tsela e fapaneng bakeng sa li-touch screens, li-system tsa bokooa, le li-control tsa keyboard. Morero oa rework e ne e le ho kopanya moralo oa likarolo tsa sebopeho le ho felisa ho se lumellane ha setaele.
Moralo oa karolo ea "Lekunutu le Tšireletso" e fetotsoe. eketsoe lisebelisoa tse ncha tsa tsamaiso ea ts'ireletso. Litlhophiso li se li fumaneha habonolo ebile ho bonolo ho li utloisisa. Ho fanoe ka likarolo tse 'nè tsa motheo, tse nang le lisebelisoa tse amanang le ho hlakola histori, ho laola Li-cookie le lintlha tsa sebaka sa marang-rang, mekhoa ea ts'ireletso le lithibelo kapa litumello tse amanang le libaka tse itseng. Mosebelisi a ka thibela kapele Li-cookie tsa motho oa boraro bakeng sa mokhoa oa incognito kapa libaka tsohle tsa marang-rang, kapa a thibela li-cookies tsohle bakeng sa sebaka se itseng. Moralo o mocha o lumelloa feela lits'ebetsong tsa basebelisi ba bang; ba bang ba ka kenya litlhophiso ka "chrome://flags/#privacy-settings-redesign".
Litlhophiso tse ikhethileng tsa sebaka li arotsoe ka lihlopha - phihlello ea sebaka, kh'amera, maekrofounu, litsebiso le ho romella data e ka morao. Ho boetse ho na le karolo e nang le litlhophiso tse ling tsa ho thibela JavaScript, litšoantšo le ho tsamaisa libaka tse ling. Ketso ea ho qetela ea mosebelisi e amanang le ho fetoha ha tumello e totobatsoa ka thoko.
Ka mokhoa oa incognito, ho thibela Li-Cookie tsohle tse behiloeng ke libaka tsa batho ba bang, ho kenyelletsa le marang-rang a papatso le litsamaiso tsa tlhahlobo ea webo, ho etsoa ka mokhoa o ikhethileng. Sehokelo se atolositsoeng sa ho laola ho kengoa ha Li-cookies ho liwebsaete le tsona li fanoa. Bakeng sa taolo, ho fanoe ka lifolakha "chrome://flags/#improved-cookie-controls" le "chrome://flags/#improved-cookie-controls-for-third-party-cookie-blocking". Kamora ho kenya mokhoa ona, ho hlaha letšoao le lecha bareng ea aterese; ha o tobetse, ho bonts'oa palo ea Li-cookie tse koetsoeng mme khetho ea ho thibela thibelo e fanoa. U ka bona hore na ke li-Cookies life tse lumelletsoeng le tse koetsoeng bakeng sa sebaka sa hajoale sa "Cookies" karolong ea "Li-cookie", e bitsoa ka ho tobetsa letšoao la senotlolo bareng ea aterese, kapa ho li-setting.
Litlhophiso li fana ka konopo e ncha ea "Tlhahlobo ea Ts'ireletso", e fanang ka kakaretso ea mathata a ts'ireletso a ka bang teng, joalo ka ts'ebeliso ea li-password tse senyehileng, boemo ba ho lekola libaka tse mpe (Safe Browsing), boteng ba liapdeite tse sa kengoang le ho tsebahatsa li-password tse mpe. -ons.
Motsamaisi oa phasewete o kentse bokhoni licheke Li-logins le li-password tsohle tse bolokiloeng ho tsoa polokelong ea li-account tse senyehileng tse nang le temoso e bonts'itsoeng haeba mathata a bonoa (ho hlahloba ho etsoa ho ipapisitse le ho hlahloba sehlomathiso sa hash lehlakoreng la mosebelisi; li-password ka botsona le li-hashes tsa tsona tse felletseng ha li fetisoe kantle ho naha). Cheke e etsoa khahlano le database e koahelang liak'haonte tse fetang limilione tse 4 tse senyehileng tse hlahang litsing tsa polokelo tsa basebelisi tse lutiloeng. Temoso e boetse e hlahisoa ha u leka ho sebelisa li-passwords tse sa reng letho joalo ka "abc123".
Tsebisoa Mokhoa o atolositsoeng oa ts'ireletso khahlano le libaka tse kotsi (Sebatli se Sireletsehileng se Matlafalitsoeng), se kenyang licheke tse ling ho sireletsa khahlanong le bosholu, liketso tse lonya le litšokelo tse ling Webosaeteng. Tšireletso e eketsehileng e boetse e sebelisoa bakeng sa akhaonto ea hau ea Google le litšebeletso tsa Google (Gmail, Drive, joalo-joalo). Haeba ka mokhoa o tloaelehileng oa Safe Browsing licheke li etsoa sebakeng sa heno ho sebelisoa polokelong ea boitsebiso e kentsoeng nako le nako tsamaisong ea moreki, joale ho Ntlafatso ea Porausara e Sireletsehileng, tlhaiso-leseling e mabapi le maqephe le tse jarollotsoeng ka nako ea nnete e romelloa ho ts'ebeletso ea Google Safe Browsing ho netefatsoa ka lehlakoreng la Google, e u lumella ho arabela ka potlako ho litšokelo hang ka mor'a hore li khethoe, ntle le ho emela hore lenane la batho ba khelohileng le ntlafatsoe.
Ho potlakisa mosebetsi, e ts'ehetsa ho hlahlojoa esale pele khahlanong le li-whitelists, tse kenyelletsang li-hashes tsa libaka tse likete tse tsebahalang, tse tšepahalang. Haeba sebaka sa marang-rang se ntseng se buloa se le sieo lethathamong le lesoeu, sebatli se hlahloba URL ho seva sa Google, se fetisetsa likotoana tsa pele tse 32 tsa SHA-256 hash ea sehokelo, moo data ea motho e ka bang teng e khaoloang. Ho ea ka Google, mokhoa o mocha o ka ntlafatsa katleho ea litemoso bakeng sa libaka tse ncha tsa phishing ka 30%.
Ho e-na le ho penya li-icon tsa tlatsetso ka bo eona haufi le bara ea aterese, ho se ho kentsoe menyu e ncha, e bonts'itsoeng ke letšoao la puzzle, le thathamisang li-add-on tsohle tse fumanehang le matla a tsona. Kamora ho kenya tlatsetso, mosebelisi joale o tlameha ho etsa hore aekhone ea tlatsetso e kenngoe phanele, ha ka nako e ts'oanang a ntse a lekola litumello tse fanoeng ho tlatsetso. Ho etsa bonnete ba hore tlatsetso ha e lahlehe, hang ka mor'a ho kenya letšoao le bonts'oa le tlhahisoleseding e mabapi le tlatsetso e ncha. Lenaneo le lecha le nolofalitsoe ka mokhoa o ikhethileng bakeng sa liperesente tse itseng tsa basebelisi, ba bang ba ka e nolofalletsa ho sebelisa "chrome://flags/#extensions-toolbar-menu".
E kentse litlhophiso tsa "chrome://flags/#omnibox-context-menu-show-full-urls", ha e lumelletsoe, ntho ea "Kamehla e bonts'a URL e felletseng" e hlaha ho menyu ea aterese, e thibelang ho sotha URL. Ha re hopoleng hore ho Chrome 76 bara ea liaterese e fetoletsoe ka mokhoa oa kamehla ho bonts'a likhokahano ntle le "https://", "http://" le "www.". Ho ne ho e-na le maemo a ho thibela boits'oaro bona, empa ho Chrome 79 e ile ea tlosoa 'me basebelisi ba lahleheloa ke bokhoni ba ho hlahisa URL e feletseng bareng ea aterese.
Bakeng sa basebelisi bohle, mosebetsi oa lihlopha tsa li-tab ("chrome://flags/#tab-groups") o lumelletsoe, e leng se u lumellang ho kopanya li-tab tse 'maloa tse nang le merero e tšoanang ka lihlopha tse arohaneng ka pono. Sehlopha ka seng se ka abeloa 'mala oa sona le lebitso la sona. Ho feta moo, ho hlahisitsoe khetho ea liteko bakeng sa lihlopha tse putlamang le ho atolosoa, tse seng li sa sebetse litsamaisong tsohle. Ka mohlala, lihlooho tse ’maloa tse sa baloang li ka ’na tsa putlama ka nakoana, tsa siea feela letšoao e le hore li se ke tsa nka sebaka ha li ntse li tsamaea, ebe li khutlela sebakeng sa tsona ha li khutlela ho bala. Ho bulela mokhoa ona, peakanyo e sisintsweng ke "chrome://flags/#tab-groups-collapse".
Litemoso li etsoa ka mokhoa oa kamehla ha u leka ho bootle bo sa bolokehang (ntle le encryption) lifaele tse ka sebetsoang ka likhokahano tse tsoang maqepheng a HTTPS (ho Chrome 84, download ea lifaele tse ka sebetsoang e tla thibeloa, 'me temoso e tla qala ho fanoa bakeng sa li-archives). Hoa hlokomeleha hore ho khoasolla lifaele ntle le encryption ho ka sebelisoa ho etsa ts'ebetso e mpe ka ho kenya sebaka sa litaba nakong ea litlhaselo tsa MITM. Hape E thibetsoe ho khoasolla lifaele ka li-block tsa iframe tse ka thoko.
Ha o kenya Adobe Flash, molaetsa oa temoso o kentsoe o bontšang hore tšehetso ea theknoloji ena e tla fela ka December 2020.
Thekenoloji e kentswe tshebetsong Mefuta e tšepahalang, e leng se u lumellang hore u thibele mekhoa ea DOM e lebisang ho cross-site scripting (DOM XSS), ka mohlala, ha u sebetsa ka mokhoa o fosahetseng data e fumanoeng ho tswa ho mosebedisi ka eval() blocks kapa ".innerHTML", e ka lebisang ho JavaScript code. e etsoa ho latela moelelo oa leqephe le itseng. Mefuta e ts'eptjoang e hloka hore data e lokisoe pele e e fetisetsa lits'ebetsong tse kotsi. Ka mohlala, ha mefuta e Tšepahalang e lumelletsoe, ho etsa "anElement.innerHTML = location.href" ho tla baka phoso 'me ho tla hloka hore ho sebelisoe lintho tse khethehileng tsa TrustedHTML kapa TrustedScript ha u abela. Ho nolofaletsa Mefuta e Tšeptjoang ho etsoa ka CSP (Content-Security-Policy).
E kentsoe Lihlooho tse ncha tsa Cross-Origin-Embedder-Policy le Cross-Origin-Opener-Policy HTTP ho nolofalletsa mokhoa o khethehileng oa ho itšehla thajana bakeng sa ts'ebeliso e sireletsehileng ea leqephe la ts'ebetso e khethehileng joalo ka SharedArrayBuffer, Performance.measureMemory() le profiling APIs tse ka bang teng. e sebelisoang ho etsa litlhaselo tsa kanale tse ka thoko joalo ka Specter. Mokhoa oa ho itšehla thajana o fapaneng le ona ha o u lumelle ho fetola tokomane.thepa ea domain.
Ho hlahisoa ts'ebetsong e ncha ea mokhoa oa ho hlahloba phihlello ea lisebelisoa ho marang-rang - OOR-CORS (Out-Of-Renderer Cross-Origin Resource Sharing). Ts'ebetso ea khale e ne e ka hlahloba feela likarolo tsa mantlha tsa enjene ea Blink, XHR le Fetch API, empa ha ea ka ea koahela likopo tsa HTTP tse entsoeng ho tsoa ho li-module tse ling tsa ka hare. Ts'ebetsong e ncha e rarolla bothata bona.
Li-API tse 'maloa tse ncha li kentsoe mokhoa oa liteko tsa Origin (likarolo tsa liteko tse hlokang ts'ebetso e arohaneng). Teko ea Origin e bolela bokhoni ba ho sebetsa le API e boletsoeng ho tsoa lits'ebetsong tse jarollotsoeng ho tsoa ho localhost kapa 127.0.0.1, kapa ka mor'a ho ngolisa le ho amohela token e khethehileng e sebetsang ka nako e lekanyelitsoeng bakeng sa sebaka se itseng.
- API Native File System, e u lumellang hore u thehe lits'ebetso tsa webo tse sebelisanang le lifaele tsa sistimi ea lehae. Ka mohlala, API e ncha e ka 'na ea hlokoa libakeng tsa nts'etsopele e kopanetsoeng ea sebadi, bahlophisi ba mongolo, litšoantšo le livideo. E le hore u tsebe ho ngola le ho bala lifaele ka ho toba, sebelisa lipuisano ho bula le ho boloka lifaele, hammoho le ho tsamaea ka har'a likahare tsa li-directory, kopo e botsa mosebedisi bakeng sa tiiso e khethehileng;
- Mokhoa Performance.measureMemory() ho lekanya tshebediso ya memori ha o sebetsana le tshebediso ya webe kapa leqephe la webo. E ka sebelisoa ho sekaseka le ho ntlafatsa ts'ebeliso ea memori lits'ebetsong tsa webo, hammoho le ho tseba ho eketseha ho hoholo ha tšebeliso ea memori.
- Mokhoa Scheduler.postTask() bakeng sa ho hlophisa mesebetsi (li-callback tsa JavaScript) tse nang le maemo a fapaneng a bohlokoa (e thibela mosebetsi oa mosebelisi, e etsa liphetoho tse bonahalang le mosebetsi oa morao-rao). U ka sebelisa ntho ea TaskController ho fetola lintho tse tlang pele le ho hlakola mesebetsi.
- API Melapo e kentsoeng ea WebRTC, e lumellang lits'ebetso hore li iketsetse lisebelisoa tsa tsona tsa data tse sebelisoang ha ho khouto le ho decoding WebRTC MediaStreamTrack. Mohlala, API e ka sebelisoa ho fana ka encryption ea pheletso ea melapo e fetisoang ka seva ea lipalangoang.
E kentse API Ho fumana Barcode ho lemoha le ho hlwaya di-barcode setshwantshong se fanoeng. API e sebetsa feela disebedisweng. Android ka sephutheloana sa Litšebeletso tsa Google Play se kentsoeng.
E kentse meta tag leano la mmala, ho lumella sebaka sa marang-rang ho fana ka tšehetso e felletseng bakeng sa sehlooho se lefifi ntle le ho sebelisa liphetoho tsa CSS.
E kentse bokhoni ba ho sebelisa li-module tsa JavaScript ho mosebeletsi e kopanetsweng.
Ho IndexedDB IBDDatabase.transaction() khang e ncha e ekelitsoe
"durability", e leng se u lumellang hore u laole ho tsosolosoa ha data ho drive. Ka ho fetisa boleng ba "relaxed" ho e-na le mokhoa oa "strict" oa kamehla, o ka tela ho tšepahala molemong oa ts'ebetso (pele Chrome e ne e lula e kenya data ho disk ka mor'a ho ngola ntho e 'ngoe le e 'ngoe).
E kenyellelitsoe @supports ts'ebetso ho selector() ho u lumella ho bona boteng ba bakhethoa ba CSS (mohlala, u ka qala ka ho lekola boteng ba mokhethoa pele u tlamella mekhoa ea CSS ho eona).
@e tšehetsa mokhethoa(::pele) {
div { bokamorao: botala };
}
Ka Intl.DateTimeFormat eketsoe thepa ea fractionalSecondDigits ho hlophisa sebopeho sa ponts'o sa metsotsoana.
enjine ea V8 potlakisitsoe ho lata ArrayBuffer ka har'a pokello ea lithōle. Li-module tsa WebAssembly li lumelloa ho kopa ho fihla ho 4 GB ea memori.
E kentsoe lisebelisoa tse ncha bakeng sa baetsi ba marang-rang. Ka mohlala, ho hlahile mokhoa o etsisang maikutlo a leqephe ke batho ba nang le pono e fokolang le mefuta e sa tšoaneng ea bofofu ba mebala. Ho kentsoe mokhoa oa ho etsisa liphetoho tsa sebaka, ho fetoha ho ama API Intl.*, *.prototype.toLocaleString, navigator.language, Accept-Language, joalo-joalo.
The COEP (Cross-Origin Embedder Policy) debugger e kenyelelitsoe ho sebopeho sa tlhahlobo ea ts'ebetso ea marang-rang, e leng se u lumellang hore u hlahlobe mabaka a ho thibela ho kenngoa ha lisebelisoa tse itseng holim'a marang-rang. E kentse lebitso la sehlooho la cookie-path ho sefa likopo tseo ho tsona Cookie e tlamehileng ho tse itseng litsela.
E kentse mokhoa oa pinning bakeng sa lisebelisoa tsa moqapi ka lehlakoreng le letšehali la skrine.
Sehokelo sa ho sala morao khoutu ea JavaScript ea nako e telele se hlophisitsoe bocha.
Ka lebaka la COVID-19, liphetoho tse ling tse reriloeng li chechisitsoe morao. Ka mohlala, tloso khoutu ea ho sebetsa le FTP hlahlamisitsoe bocha ka ho sa feleng. Koala tšehetso bakeng sa liprothokholo tsa TLS 1.0/1.1 chechisitsoe morao pele ho lokolloa ha Chrome 84. Ea pele
ts'ehetso bakeng sa sekhetho sa Litlhahiso tsa Bareki (e 'ngoe ho Moemeli-Mosebelisi) le eona chechisitsoe morao ho fihlela Chrome 84. Sebetsa ka Kopanyo ea Mosebelisi-Moemeli e chechiselitsoe selemong se tlang.

Ntle le boqapi le litokiso tsa liphoso, mofuta o mocha oa felisa 38 bofokoli. Bofokoli bo bongata bo ile ba khetholloa ka lebaka la lisebelisoa tsa tlhahlobo tse ikemetseng AtereseSanitizer, MemorySanitizer, Laola Phallo Botšepehi, LibFuzzer и AFL. Ha ho na mathata a bohlokoa a fumanoeng a ka lumellang motho ho feta maemo ohle a ts'ireletso ea sebatli le ho etsa khoutu ho sistimi e kantle ho tikoloho ea sandbox. E le karolo ea lenaneo la moputso oa chelete bakeng sa ho fumana bofokoli bakeng sa tokollo ea hajoale, Google e lefile likhau tse 28 tse jang $76 sekete (khau e le 'ngoe ea $20000, moputso o le mong oa $10000, likhau tse peli tsa $7500, likhau tse peli tsa $5000, likhau tse peli tsa $3000, likhau tse peli tsa $2000 le meputso e robeli ea $1000). Boholo ba meputso e 500 ha bo so tsejoe.

Source: opennet.ru

Phatlalatso ea Chrome 83