Phatlalatso ea Chrome 84

Google hlahisoa ho lokolloa ha sebatli sa marang-rang Chrome 84... Ka nako e le nngwe fumaneha tokollo e tsitsitseng ea morero oa mahala Chromium, e leng motheo oa Chrome. Sebatli sa Chrome fapaneng ts'ebeliso ea li-logos tsa Google, boteng ba sistimi ea ho romella litsebiso maemong a kotsi, bokhoni ba ho jarolla module ea Flash ha o e kopa, li-module tsa ho bapala litaba tsa video tse sirelelitsoeng (DRM), sistimi ea ho kenya liapdeite le phetisetso ka bo eona nakong ea ho batla. Litekanyetso tsa RLZPhatlalatso e latelang, Chrome 85, e reriloe ka la 25 Phato.

ka sehloohong fetola в Chrome 84:

• E holofetse Tšehetso bakeng sa liprothokholo tsa TLS 1.0 le TLS 1.1. Ho fihlella marang-rang ka mocha o sireletsehileng, seva se tlameha ho fana ka tšehetso bakeng sa bonyane TLS 1.2, ho seng joalo sebatli se tla hlahisa phoso. Ho ea ka Google, hoo e ka bang 0.5% ea maqephe a maqephe a marang-rang a ntse a tsoela pele ho sebelisa mefuta ea khale ea TLS. Ho koaloa hona ho entsoe ho latela likhothaletso IETF (Internet Engineering Task Force). Lebaka la ho nyenyefatsa TLS 1.0/1.1 ke khaello ea tšehetso bakeng sa li-ciphers tsa sejoale-joale (joalo ka ECDHE le AEAD) le tlhoko ea ho ts'ehetsa li-ciphers tsa khale tseo ho ts'epahala ha tsona ho belaetsang ho latela maemo a hajoale a theknoloji ea komporo (mohlala, ts'ehetso ea TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA e ea hlokahala, 'me e ea hlokahala bakeng sa tlhahlobo ea botšepehi. netefatso). Litlhophiso tse lumellang ho khutlela ho TLS 1.0/1.1 li tla lula li le teng ho fihlela Pherekhong 2021.
• Ho thibela ho tiisitsoe bootle bo sa bolokehang Lifaele (tse sa ngolisoang) tse sebetsang le litemoso tse kenyellelitsoeng bakeng sa ho khoasolla ka mokhoa o sa sireletsehang. Nakong e tlang, re rera ho fokotsa butle-butle ts'ehetso ea ho khoasolla lifaele ntle le encryption. Thibelo ena e kentsoe ts'ebetsong hobane ho khoasolla lifaele ntle le encryption ho ka sebelisoa ho etsa liketso tse lonya ka ho kenya litaba tsa tsona nakong ea tlhaselo ea man-in-the-middle (MITM).
• E kentsoe tšehetso ea pele se tsebahatsang Litlhahiso tsa bareki, e ntlafalitsoeng e le sebaka se seng ho sehlooho sa Moemeli-Mosebelisi. Mochine oa Litlhahiso tsa Client o fana ka letoto la lihlooho tsa "Sec-CH-UA-*" e le sebaka sa Moemeli-Mosebelisi, e nolofalletsang ho fana ka boitsebiso bo mabapi le sebadi se itseng le li-parameter tsa tsamaiso (phetolelo, sethala, joalo-joalo) feela ka mor'a kopo ea seva. Mosebelisi a ka etsa qeto ea hore na ke litekanyo life tse amohelehang bakeng sa ho fana le ho fana ka tlhahisoleseling e joalo ho beng ba sebaka sa marang-rang. Ha o sebelisa Malebela a Bareki, sekhetho ha se fetisoe ka mokhoa o ikhethileng ntle le kopo e hlakileng, e leng se etsang hore ho se khonehe ho tsebahatsa (ka ho sa feleng, ho fanoa ka lebitso la sebatli feela). mosebetsi ka Kopanyo ea Mosebelisi-Moemeli chechisitsoe morao ho fihlela selemong se tlang.
• Tsoela pele ts'ebetso
  thatafetseng ho feta meeli phetiso ea di-cookie pakeng tsa libaka, e neng e hlakotsoe Ka lebaka la COVID-19. Bakeng sa likopo tseo e seng tsa HTTPS, li-cookies tsa motho oa boraro, tse behiloeng ha u kena libakeng tse ling ntle le sebaka sa leqephe la hajoale, li thibetsoe ho sebetsoa. Li-cookie tsena li sebelisetsoa ho lekola metsamao ea basebelisi lipakeng tsa liwebsaete ka khoutu ea marang-rang a papatso, li-widget tsa litaba tsa sechaba, le litsamaiso tsa tlhahlobo ea webo.

  E le khopotso, tšobotsi ea SameSite e boletsoeng sehloohong sa Set-Cookie e sebelisoa ho laola phetiso ea li-cookie. Ka nako e sa lekanyetsoang, e tla beoa ho "SameSite=Lax," e fokotsang phetiso ea li-cookie bakeng sa likopo tsa libaka tse fapaneng, joalo ka likopo tsa setšoantšo kapa ho kenya litaba ka iframe ho tsoa sebakeng se seng. Liwebsaete li ka hlakola mokhoa oa kamehla oa SameSite ka ho beha ka ho hlaka SameSite=None ha u seta likuku. Ho feta moo, SameSite=Ha ho le e nngwe e ka etsetswang dikhukhi ka mokgwa o Sireletsehileng (e sebetsa ho dikgokelo tsa HTTPS). Phetoho ena e tla hlahisoa butle-butle, qalong ho karolo e nyane ea basebelisi, ebe butle-butle e atoloha ho bamameli ba bangata.

• Ho eketsoa ts'ebetsong ea liteko se thibelang lipapatso se matla haholo, e ka sebelisoang ho sebelisoa "chrome://flags/#enable-heavy-ad-intervention" setting. Ad blocker e tima ka bo eona lipapatso tsa iframe ka mor'a hore sephethephethe le litekanyo tsa CPU li fete. Ho thibela ho tla qala haeba khoele e kholo e ja metsotsoana e fetang 60 ea nako ea CPU ka kakaretso, kapa metsotsoana ea 15 ka nako ea metsotsoana ea 30 (e jang 50% ea lisebelisoa bakeng sa metsotsoana e fetang 30), le ha ho feta 4 MB ea data ea marang-rang e jarolloa.

  Thibelo e tla qala feela haeba mosebelisi a so ka a sebelisana le yuniti ea lipapatso (mohlala, e tobetse ho eona) pele meeli e feta. Sena, hammoho le moeli oa sephethephethe, se tla lumella ho ipapalla ha livideo tse telele ka har'a lipapatso ho thibeloa ntle le tšebeliso e hlakileng ea basebelisi. Mehato ena e sisintsoeng e tla sireletsa basebelisi lipapatsong tse nang le khoutu e sa sebetseng hantle kapa ts'ebetso ea ka boomo ea likokoana-hloko (mohlala, merafo). Ho latela lipalo-palo tsa Google, lipapatso tse lokeloang ho thibeloa li emela feela 0.30% ea likarolo tsohle tsa lipapatso, empa li-interstitials tsena li sebelisa 28% ea lisebelisoa tsa CPU le 27% ea sephethephethe.

• Mosebetsi o entsoe ho fokotsa tšebeliso ea CPU ha fensetere ea sebatli e le sieo ponong ea mosebelisi. Hona joale Chrome e lekola hore na fensetere ea sebatli e feta lifensetere tse ling mme e thibela ho fana ka lipikselse libakeng tse fetang. Karolo ena e ncha e tla hlahisoa butle-butle: lintlafatso tse ikhethileng li tla fuoa basebelisi ba bang ho Chrome 84, le ba bang ho Chrome 85.
• Tšireletso e lumelloa ke kamehla ditsebiso tse tenang, mohlala, likopo tsa spam bakeng sa litsebiso tsa push. Kaha likopo tse joalo li sitisa mosebetsi oa mosebelisi 'me li sitisa maikutlo ho tsoa liketsong tsa lipuisano tsa netefatso, ho e-na le puisano e arohaneng, ho tla hlahisoa lethathamong la liaterese, ho tla hlakisa mosebelisi hore kopo ea tumello e koetsoe. Leqheka lena la lisebelisoa le oela ka bo eona ho sesupo se nang le lets'oao le tloloko la tšepe. Ka ho tobetsa letšoao, tumello e kopiloeng e ka etsoa kapa ea hanoa ka nako efe kapa efe.
  
• Khetho ea mosebelisi ha a bula li-protocol tsa kantle e se e hopoloa-mosebelisi a ka khetha "kamehla lumella sebaka sena" bakeng sa mohlokomeli ea itseng, 'me sebatli se tla hopola qeto ena bakeng sa sebaka sa hajoale.
• Tšireletso e ekelitsoeng khahlanong le ho fetola litlhophiso tsa basebelisi ntle le tumello e hlakileng. Haeba tlatsetso e fetola enjine ea ho batla ea kamehla kapa leqephe le bonts'itsoeng ho li-tab tse ncha, sebatli joale se tla hlahisa puisano e botsang hore na ho netefatsa phetoho kapa ho e hlakola.
• Tsoela pele Ts'ebetso ea ts'ireletso khahlano le ho kenya litaba tse tsoakaneng tsa media (ha lisebelisoa li kentsoe leqepheng la HTTPS ka http:// protocol). Maqepheng a butsoeng ka HTTPS, lihokelo tsa "http://" libolokong tse amanang le litšoantšo li se li tla nkeloa sebaka ke "https://" (lingoloa le li-iframe li kile tsa nkeloa sebaka; ho lebelletsoe hore tokollo e latelang e nkeloe sebaka ke lisebelisoa tsa audio le tsa video). Haeba setšoantšo se sa fumanehe ka https, ho roala ha sona ho koetsoe (sena se ka thibeloa ka letsoho ho sebelisa menu e fumanehang ka letšoao la senotlolo bareng ea aterese).
• Ts'ehetso ea API e ekelitsoeng Web OTP (e ntshetswa pele e le SMS Receiver API), e o dumellang ho hlophisa ho kenngwa ha phasewete ya hang feela leqepheng la webo kamora ho fumana molaetsa wa SMS o nang le khoutu ya netefatso e rometsweng ho Android- smartphone ea mosebelisi e sebelisang sebatli. Netefatso ea SMS, mohlala, e ka sebelisoa ho netefatsa nomoro ea mohala e fanoeng ke mosebelisi nakong ea ngoliso. Pele, mosebelisi o ne a tlameha ho bula sesebelisoa sa SMS, ho kopitsa khoutu ho tloha ho sona ho ea ho clipboard, ho khutlisetsa ho sebatli, le ho beha khoutu. API e ncha e etsa hore ho khonehe ho iketsetsa ts'ebetso ena le ho e fokotsa ho tobetsa hanngoe feela.
• E atolositsoeng API Litšoantšo tsa webo
  bakeng sa ho laola ho bapala animation ea webo. Phatlalatso e ncha e eketsa ts'ehetso bakeng sa ts'ebetso ea ho kopanya, e u lumellang ho laola hore na liphello li kopantsoe joang le ho fana ka litšoantšiso tse ncha tse bitsoang ha liketsahalo tsa phetoho ea litaba li etsahala. Web Animations API e boetse e tšehetsa Litšepiso bakeng sa ho khetholla tatellano ea lipopae le ho laola hamolemo hore na lipopae li sebelisana joang le likarolo tse ling tsa ts'ebeliso.
• Li-API tse 'maloa tse ncha li kentsoe mokhoa oa liteko tsa Origin (likarolo tsa liteko tse hlokang ts'ebetso e arohaneng). Teko ea Origin e bolela bokhoni ba ho sebetsa le API e boletsoeng ho tsoa lits'ebetsong tse jarollotsoeng ho tsoa ho localhost kapa 127.0.0.1, kapa ka mor'a ho ngolisa le ho amohela token e khethehileng e sebetsang ka nako e lekanyelitsoeng bakeng sa sebaka se itseng.
  • API Li-cookie Store bakeng sa phihlello ya mosebeletsi ho HTTP Cookies, e sebetsa e le mokgwa o mong o sa tshwaneng le ho sebedisa document.cookie.
  • API Ho lemoha ho sa sebetseng Ho bona ho se sebetse ha mosebelisi, e u lumella ho tseba nako eo mosebelisi a sa sebelisaneng le keyboard kapa mouse, ha skrini se sebetsa, skrineng se notletsoe, kapa ha mosebetsi o ntse o etsoa mochining o mong. Kopo e tsebisoa ka ho se sebetse ka ho romela tsebiso ka mor'a hore ho fihleloe moeli o itseng oa ho se sebetse.
  • Mokhoa Ho itšehla thajana ho tloha qalongOrigin Isolation e lumella bahlahisi hore ba finyelle karohano e felletseng ea ts'ebetso ea dikahare ka mokhoa o ikhethileng o ipapisitseng le tšimoloho (domain + port + protocol), ho fapana le sebaka sa marang-rang, ka litšenyehelo tsa ts'ehetso e theohileng bakeng sa likarolo tse ling tsa lefa, joalo ka ts'ebetso e ts'oanang ea mangolo a sebelisa document.domain le postMessage () letsetsa ho romela melaetsa ho WebAssembly.Module liketsahalo. Ka mantsoe a mang, Origin Isolation e lumella karohano ea lits'ebetso tse ipapisitseng le sebaka sa lisebelisoa, ho fapana le sebaka sa marang-rang se nang le likarolo tsohle tse kantle ho maqephe.
  • API WebAssembly SIMD Bakeng sa ho sebelisa litaelo tsa vector SIMD lits'ebetsong tsa WebAssembly. Ho netefatsa boikemelo ba sethala, ho fanoe ka mofuta o mocha oa 128-bit o ka emelang mefuta e fapaneng ea data e pakiloeng, hammoho le lits'ebetso tse 'maloa tsa mantlha tsa ho sebetsana le data e pakiloeng. SIMD e ntlafatsa ts'ebetso ka ho tsamaisana le ts'ebetso ea data mme e ea thusa ha o hlophisa khoutu ea lehae ho WebAssembly. Ho nolofalletsa tšehetso ea SIMD, sebelisa "chrome://flags/#enable-webassembly-simd".
• E tsitsitse 'me hona joale e ajoa ka ntle ho Origin Trials
  API Tlhahisoleseding ea Litaba, e fanang ka lintlha tse mabapi le litaba tse neng li bolokoa nakong e fetileng ke lits'ebetso tsa marang-rang tse sebelisang mokhoa oa Progressive Web Apps (PWS). Sesebelisoa se ka boloka data e fapaneng, ho kenyeletsoa litšoantšo, livideo le lingoliloeng, ho sebatli le ho li fihlella ha khokahano ea marang-rang e lahlehile ho sebelisoa Cache Storage le IndexedDB API. Content Indexing API e u lumella ho eketsa, ho fumana le ho tlosa lisebelisoa tse joalo. Ho sebatli, API ena e se e sebelisoa ho thathamisa maqephe le mecha ea litaba e fumanehang bakeng sa ho boha ntle le marang-rang.
• Mofuta oa API o tsitsitse Tsoha Lock E ipapisitse le mochini oa Ts'episo, e fana ka mokhoa o sireletsehileng haholoanyane oa ho laola ho tima ho notlela skrineng ka boiketsetso le ho fetolela lisebelisoa ho mekhoa ea ho boloka matla.
• Phetolelong ea sethala Android eketsoe Ts'ehetso ea likhutšoane tsa lits'ebetso, tse fanang ka phihlello e potlakileng ea liketso tse sebelisoang khafetsa ka har'a sesebelisoa. Ho theha likhutšoane, kenya feela likarolo ho ponahatso ea sesebelisoa sa webo ka sebopeho sa PWA (Progressive Web Apps).
  
• Web Worker e lumelletsoe ho sebelisa API ReportingObserver, e u lumellang hore u hlalose sebatli sa tlhahiso ea tlaleho se bitsoang ha likarolo tse lahliloeng li fumaneha. Tlaleho e hlahisitsoeng e ka bolokoa, ea romelloa ho seva, kapa ea sebetsoa ka mongolo oa JavaScript, ho latela khetho ea mosebelisi.
• API e ntlafalitsoe Fetola boholo ba Sebali, e u lumellang ho hokela sets'oants'o seo litsebiso li tla romelloa ho sona mabapi le liphetoho tsa boholo ba likarolo tse boletsoeng leqepheng. Ho kenyellelitsoe thepa e ncha e meraro ho ResizeObserverEntry: contentBoxSize, borderBoxSize, le devicePixelContentBoxSize, bakeng sa ho fumana lintlha tse qaqileng, tse khutlisitsoeng e le lintho tse ngata tsa ResizeObserverSize.
• E kentse lentsoe la sehlooho "khutlela morao»ho seta setaele sa element ho boleng ba eona ba kamehla.
• Thepa ea CSS "-webkit-appearance" le "-webkit-ruby-position" e tlositsoe fatše 'me e se e fumaneha e le "ponahalo"Le"boemo ba ruby".
• Ho JavaScript kenngwa tshebetsong Tšehetso ea ho tšoaea mekhoa le thepa ea sehlopha e le ea poraefete, ka mor'a moo li tla fumaneha feela ka har'a sehlopha (pele, masimo a ne a ka ba a lekunutu). Ho tšoaea mekhoa le thepa e le tsa lekunutu, u lokela supa pele ho lebitso la tšimo ho na le letšoao "#".
• Ho JavaScript eketsoe tšehetso lihokelo tse fokolang Litšupiso tse fokolang tsa lintho tsa JavaScript li u lumella ho boloka litšupiso tsa ntho ntle le ho thibela pokello ea litšila ea ntho e amanang le eona. Tšehetso bakeng sa li-finalizers e boetse e kenyelelitsoe, e leng se u lumellang hore u hlalose motho ea sebetsang ho tla bitsoa ka mor'a hore ntho e boletsoeng e bokelloe ke litšila.
• Ho phatlalatsoa ha app ea WebAssembly hona joale ho potlakile ka lebaka la ts'ebetsong ho komporo ea mantlha ea Liftoff. litaelo tsa athomo и ts'ebetso ea memori ea batchLisebelisoa tsa ho rarolla mathata a WebAssembly li ntlafalitsoe, li eketsa haholo ts'ebetso ea ho lokisa liphoso ha u sebelisa li-breakpoints (pele, mofetoleli o ne a sebelisetsoa ho lokisa liphoso, empa hona joale ho sebelisoa compiler ea Liftoff).
• Phanele ea tlhahlobo ea ts'ebetso ho lisebelisoa tsa Web Developer Tools (https://developers.google.com/web/updates/2020/05/devtools) e ntlafalitsoe. Lintlha tse akaretsang mabapi le metric li kentsoe. TBT (Kakaretso ea Nako ea Thibelo), e bontšang hore na leqephe le bonahala le le teng ka nako e kae empa ha e le hantle ha le fumanehe (ke hore, leqephe le se le fanoe, empa khoele e kholo e ntse e koetsoe le ho kenya data ha ho khonehe). Ho kentsoe karolo e ncha ea Boiphihlelo bakeng sa ho sekaseka metric ena. CLS (Cumulative Layout Shift), e bonts'ang botsitso ba pono ea litaba. Phanele ea tlhahlobo ea mekhoa ea CSS joale e bonts'a ponelopele ea litšoantšo tse boletsoeng ka thepa ea "background-image".

Ntle le boqapi le litokiso tsa liphoso, mofuta o mocha oa felisa 38 bofokoli. Bofokoli bo bongata bo ile ba khetholloa ka lebaka la lisebelisoa tsa tlhahlobo tse ikemetseng AtereseSanitizer, MemorySanitizer, Laola Phallo Botšepehi, LibFuzzer и AFLKhatiso e le 'ngoe (CVE-2020-6510, "buffer" e phallang ka morao) e tšoailoe e le ea bohlokoa, ho bolelang hore e lumella ho feta likarolo tsohle tsa ts'ireletso ea sebatli le ho kenya khoutu kantle ho tikoloho ea sandbox. E le karolo ea lenaneo la boune ea tlokotsi bakeng sa tokollo ea hajoale, Google e fane ka likhau tse 26 tsa kakaretso ea $21500 (likhau tse peli tsa $5000, lithuso tse peli tsa $3000, bounty e le 'ngoe ea $2000, likhau tse peli tsa $1000, le likhau tse tharo tsa $500). Chelete ea 16 ea bounties ha e so tsejoe.

Source: opennet.ru