ProHoster > Ibhulogi > iindaba ze-intanethi > Ukukhutshwa kweChrome 102

Ukukhutshwa kweChrome 102

I-Google ityhile ukukhululwa kwesiphequluli sewebhu se-Chrome 102. Ngelo xesha, ukukhululwa okuzinzile kweprojekthi yeChromium yamahhala, esebenza njengesiseko seChrome, iyafumaneka. Isikhangeli seChrome sihluke kwiChromium ekusebenziseni iilogo zeGoogle, ubukho benkqubo yokuthumela izaziso kwimeko yokuphazamiseka, iimodyuli zokudlala umxholo wevidiyo okhuselweyo wekopi (DRM), inkqubo yokufaka uhlaziyo ngokuzenzekelayo, ivumela iSandbox ngokusisigxina. , inikezela ngezitshixo kwiGoogle API kunye nokuthumela iRLZ ngexesha lokukhangela iiparamitha. Kwabo bafuna ixesha elingakumbi lokuhlaziya, i-Extended Stable branch ixhaswa ngokwahlukeneyo, ilandelwa ziiveki ezisi-8. Ukukhutshwa okulandelayo kweChrome 103 kucwangciselwe i-21 kaJuni.

Utshintsho oluphambili kwiChrome 102:

  • Ukuvala ukusetyenziswa kobuthathaka obubangelwa kukufikelela kwiibhloko zememori esele zikhululiwe (ukusetyenziswa-emva kokukhululeka), endaweni yezalathisi eziqhelekileyo, uhlobo lwe-MiraclePtr (raw_ptr) lwaqala ukusetyenziswa. I-MiraclePtr ibonelela ngokubophelela phezu kwezikhombisi ezenza uhlolo olongezelelweyo ekufikeleleni kwiindawo zememori ekhululiwe kunye nokuphazamiseka ukuba ukufikelela okunjalo kufunyenwe. Impembelelo yendlela entsha yokukhusela ekusebenzeni kunye nokusetyenziswa kwememori ivavanywa njengento engafanelekanga. Indlela ye-MiraclePtr ayisebenzi kuzo zonke iinkqubo, ngokukodwa ayisetyenziswanga kwiinkqubo zokunikezela, kodwa inokuphucula kakhulu ukhuseleko. Ngokomzekelo, ekukhutshweni kwangoku, kwii-32 zobuthathaka ezilungisiweyo, i-12 yabangelwa iingxaki zokusetyenziswa emva kokungabikho.
  • Uyilo lojongano olunolwazi malunga nokukhutshelwa lutshintshiwe. Esikhundleni somgca osezantsi kunye nedatha kwinkqubela phambili yokukhuphela, isalathisi esitsha songeziwe kwiphaneli enebha yedilesi; xa ucofa kuyo, inkqubela phambili yokukhuphela iifayile kunye nembali enoluhlu lweefayile esele zikhutshiwe ziyaboniswa. Ngokungafaniyo nephaneli esezantsi, iqhosha lihlala liboniswa kwiphaneli kwaye likuvumela ukuba ufikelele ngokukhawuleza kwimbali yakho yokukhuphela. Ujongano olutsha okwangoku lunikezelwa ngokungagqibekanga kuphela kubasebenzisi abathile kwaye luya kwandiswa kubo bonke ukuba akukho ngxaki. Ukubuyisela ujongano oludala okanye uvule entsha, useto lwe-"chrome://flags#download-bubble" lunikiwe.
    Ukukhutshwa kweChrome 102
  • Xa ukhangela imifanekiso ngemenyu yomxholo (“Khangela umfanekiso ngeLens zikaGoogle” okanye “Fumana ngeLens kaGoogle”), iziphumo ngoku aziboniswanga kwiphepha elahlukileyo, kodwa kwibar esecaleni ecaleni komxholo wephepha loqobo (in ifestile enye ungayibona ngaxeshanye zombini umxholo wephepha kunye nesiphumo sokufikelela kwi-injini yokukhangela).
    Ukukhutshwa kweChrome 102
  • Kwicandelo elithi "UBucala kunye noKhuseleko" lwezicwangciso, icandelo elithi "IsiKhokelo saBucala" longezwe, elinika umboniso jikelele wezicwangciso eziphambili ezichaphazela ubumfihlo kunye neenkcazo ezicacileyo zempembelelo yesilungiselelo ngasinye. Ngokomzekelo, kwicandelo ungachaza umgaqo-nkqubo wokuthumela idatha kwiinkonzo zeGoogle, ulawule ukuvumelanisa, ukuqhutyelwa kweCookie kunye nokugcinwa kwembali. Umsebenzi unikezelwa kubasebenzisi abathile; ukuwenza usebenze, ungasebenzisa i "chrome://flags#privacy-guide" setting.
    Ukukhutshwa kweChrome 102
  • Ulwakhiwo lwembali yokukhangela kunye namaphepha ajongweyo anikiwe. Xa uzama ukukhangela kwakhona, icebiso elithi "Resume your journey" liboniswa kwibar yedilesi, ekuvumela ukuba uqhubeke nokukhangela kwindawo apho luphazamiseke khona okokugqibela.
    Ukukhutshwa kweChrome 102
  • ISitolo seWebhu seChrome sibonelela ngephepha elithi "Extensions Starter Kit" kunye nokhetho lokuqala lwezongezo ezicetyiswayo.
  • Kwimo yokuvavanya, ukuthunyelwa kwe-CORS (i-Cross-Origin Resource Sharing) isicelo sogunyaziso kunye nesihloko esithi "Ukufikelela-Ukulawula-Isicelo-Inethiwekhi yaBucala: yinyaniso" kumncedisi wesayithi oyintloko yenziwe, ukuba iphepha lifikelela kwisixhobo inethiwekhi yangaphakathi (192.168.x.x , 10.x.x.x, 172.16.x.x) okanye kwi-localhost (128.x.x.x). Xa uqinisekisa umsebenzi ekuphenduleni kwesi sicelo, umncedisi kufuneka abuyisele "Ukufikelela-Ukulawula-Vumela-Inethiwekhi-yaBucala: yinyaniso" okubhalwe ngasentla. Kwinguqulo ye-Chrome ye-102, isiphumo sokuqinisekisa asikachaphazeli ukusetyenzwa kwesicelo - ukuba akukho siqinisekiso, isilumkiso siboniswa kwikhonsoli yewebhu, kodwa isicelo somthombo ngokwawo asivaliwe. Ukuvumela ukubhloka ngokungabikho koqinisekiso oluvela kumncedisi akulindelekanga de kube kukhululwe iChrome 105. Ukwenza uthintelo kukhupho lwangaphambili, unokwenza useto "chrome://flags/#private-network-access-respect-preflight- iziphumo".

    Ukuqinisekiswa kwegunya ngumncedisi kwaqaliswa ukuqinisa ukukhuselwa ekuhlaselweni okuhambelana nokufikelela kwimithombo yolwazi kwinethiwekhi yendawo okanye kwikhompyutheni yomsebenzisi (indawo yendawo) ukusuka kwizikripthi ezilayishiwe xa uvula isayithi. Ezo zicelo zisetyenziswa ngabahlaseli ukwenza uhlaselo lwe-CSRF kwiirutha, iindawo zofikelelo, abashicileli, ujongano lwewebhu loshishino kunye nezinye izixhobo kunye neenkonzo ezamnkela izicelo ezisuka kwinethiwekhi yendawo kuphela. Ukukhusela kuhlaselo olunjalo, ukuba naziphi na izibonelelo eziphantsi zifunyenwe kwinethiwekhi yangaphakathi, isikhangeli siya kuthumela isicelo esicacileyo semvume yokulayisha ezi sub-resources.

  • Xa uvula amakhonkco kwimodi ye-incognito ngokusebenzisa imenyu yomxholo, ezinye iiparamitha ezichaphazela ubumfihlo zisuswa ngokuzenzekelayo kwi-URL.
  • Isicwangciso sokuhanjiswa kohlaziyo lweWindows kunye ne-Android sitshintshiwe. Ukuthelekisa ngakumbi indlela yokuziphatha kokukhutshwa okutsha kunye nokudala, ulwakhiwo oluninzi lwenguqulelo entsha ngoku lwenzelwe ukukhutshelwa.
  • Itekhnoloji yokwahlulahlula inethiwekhi izinzile ukuze ikhuseleke kwiindlela zokulandelela iintshukumo zabasebenzisi phakathi kweesayithi ezisekelwe kwizazisi zokugcina kwiindawo ezingajoliswanga kugcino olusisigxina lolwazi (“iSupercookies”). Ngenxa yokuba izibonelelo ezigciniweyo zigcinwe kwindawo yamagama eqhelekileyo, kungakhathaliseki ukuba yiyiphi i-domain evela kuyo, isayithi enye inokugqiba ukuba enye indawo ilayisha izixhobo ngokujonga ukuba loo vimba i-cache. Ukhuseleko lusekelwe ekusebenziseni ulwahlulo lwenethiwekhi (i-Network Partitioning), umongo wayo kukongeza kwi-cache ekwabelwana ngayo ukubophelela okongeziweyo kweerekhodi kwisizinda apho kuvulwa khona iphepha eliphambili, elinqanda i-cache ye-cache yokulandela umkhondo wemibhalo kuphela. kwisiza sangoku (iscript esisuka kwi-iframe asizukwazi ukujonga ukuba uvimba wakhutshelwa kwenye indawo). Ukwabelana kwelizwe kuhlanganisa uxhulumaniso lwenethiwekhi (HTTP/1, HTTP/2, HTTP/3, websocket), i-DNS cache, ALPN/HTTP2, TLS/HTTP3 data, uqwalaselo, ukhuphelo, kunye noLindela-CT ulwazi olusentloko.
  • Kwizicelo zewebhu ezifakiweyo ezizimeleyo (i-PWA, i-Progressive Web App), kuyenzeka ukuba utshintshe uyilo lwendawo yesihloko sefestile usebenzisa amacandelo oLawulayo weWindowri, owandisa indawo yesikrini yesicelo sewebhu kuyo yonke ifestile. Usetyenziso lwewebhu lunokulawula unikezelo kunye nokuqhubekeka kwegalelo layo yonke iwindow, ngaphandle kwebhloko egqunyiweyo enamaqhosha olawulo efestile asezantsi (vala, nciphisa, khulisa), ukunika usetyenziso lwewebhu inkangeleko yesicelo sedesktop eqhelekileyo.
    Ukukhutshwa kweChrome 102
  • Kwinkqubo yokuzalisa ngokuzenzekelayo, inkxaso yongezwe ekwenzeni amanani ekhadi lokuthenga ngetyala ngokwenyani kwimimandla eneenkcukacha zentlawulo yeempahla kwiivenkile ze-intanethi. Ukusebenzisa ikhadi elibonakalayo, inani eliveliswa kwintlawulo nganye, likuvumela ukuba ungadluliseli idatha malunga nekhadi letyala langempela, kodwa lifuna ukunikezelwa kwenkonzo efunekayo yibhanki. Eli nqaku okwangoku lifumaneka kuphela kubathengi bebhanki yase-US. Ukulawula ukubandakanywa komsebenzi, i-"chrome://flags/#autofill-enable-virtual-card" useto luyacetywa.
  • Isixhobo se-"Capture Handle" sivulwa ngokuzenzekelayo, sikuvumela ukuba uthumele ulwazi kwiinkqubo ezithatha ividiyo. I-API yenza ukuba kube lula ukuququzelela intsebenziswano phakathi kwezicelo ezinomxholo orekhodiweyo kunye nezicelo ezenza ukurekhoda. Umzekelo, usetyenziso lwenkomfa yevidiyo oluthatha ividiyo ukuze lusasaze umboniso lunokufumana ulwazi malunga nolawulo lokubonisa kwaye lubonise kwifestile yevidiyo.
  • Inkxaso yemithetho eqikelelwayo yenziwe ngokungagqibekanga, ukubonelela nge-syntax eguquguqukayo yokugqiba ukuba idatha enxulumene nekhonkco inokulayishwa ngokuqhubekayo phambi kokuba umsebenzisi acofe ikhonkco.
  • Indlela yokupakisha izixhobo kwiipakethi kwifomathi ye-Web Bundle iye yazinziswa, ivumela ukwandisa ukusebenza kakuhle kokulayisha inani elikhulu leefayile ezihamba kunye (izitayela zeCSS, iJavaScript, imifanekiso, iframes). Ngokungafani neepakethe kwifomathi yeWebpack, ifomathi ye-Web Bundle ineenzuzo ezilandelayo: akusiyo iphakheji ngokwayo egcinwe kwi-cache ye-HTTP, kodwa iinxalenye zayo zecandelo; ukuhlanganiswa kunye nokwenziwa kweJavaScript kuqala ngaphandle kokulinda ukuba ipakethe ikhutshelwe ngokupheleleyo; Kuvumelekile ukubandakanya izixhobo ezongezelelweyo ezifana ne-CSS kunye nemifanekiso, ekuza kufuneka ifakwe kwi-webpack ngendlela yeentambo zeJavaScript.
  • Kuyenzeka ukuchaza isicelo se-PWA njengomphathi weentlobo ezithile ze-MIME kunye nezandiso zefayile. Emva kokuchaza isibophelelo ngefildi_handler field kwi-manifest, isicelo siya kufumana isiganeko esikhethekileyo xa umsebenzisi ezama ukuvula ifayile ehambelana nesicelo.
  • Kongezwe uphawu olutsha lwe-inert olukuvumela ukuba uphawule inxalenye yomthi we-DOM njengo "ngasebenziyo". Kwiindawo ze-DOM kule meko, ukhetho lokubhaliweyo kunye neziphathi zehover yesalathisi zivaliwe, okt. Iziganeko zesalathiso kunye neempawu ze-CSS ezikhethwa ngumsebenzisi zihlala zisetelwe 'akukho nanye'. Ukuba i-node inokuhlelwa, ngoko kwimo ye-inert iba yinto engahlelekiyo.
  • Yongezwe iNavigation API, evumela usetyenziso lwewebhu ukuba luthintele ukusebenza kwefestile, luqalise ukukhangela, kwaye luhlalutye imbali yezenzo kunye nesicelo. I-API ibonelela ngenye indlela kwi window.history kunye ne window.location properties, elungiselelwe usetyenziso lwewebhu lwephepha elinye.
  • Iflegi entsha, "de ifumaneke", icetyiselwe uphawu "olufihliweyo", elenza into ukuba ikhangeleke kwiphepha kwaye isongelo ngesigqubuthelo sombhalo. Umzekelo, unokongeza umbhalo ofihliweyo kwiphepha, imixholo eya kufunyanwa kukhangelo lwasekhaya.
  • Kwi-WebHID API, eyenzelwe ukufikelela kwinqanaba elisezantsi kwizixhobo ze-HID (izixhobo zojongano lwabantu, iikhibhodi, iimpuku, ii-gamepads, ii-touchpads) kunye nokulungelelanisa umsebenzi ngaphandle kobukho babaqhubi abathile kwinkqubo, ipropathi yokukhutshelwa kweFilters yongezwe kwisiceloDevice( ) into, ekuvumela ukuba ungabandakanyi izixhobo ezithile xa isikhangeli sibonisa uluhlu lwezixhobo ezikhoyo. Umzekelo, unokukhuphela ngaphandle ii-ID zesixhobo ezinemiba eyaziwayo.
  • Akuvumelekanga ukubonisa ifomu yentlawulo ngokufowunela kwi-PaymentRequest.show() ngaphandle kwesenzo somsebenzisi esicacileyo, umzekelo, ukucofa into ehambelana nomphathi.
  • Ukuxhasa enye indlela yokuphunyezwa kwe-SDP (iProtocol yeNkcazelo yeSeshini) esetyenziselwa ukuseka iseshoni kwiWebRTC iye yanqunyanyiswa. I-Chrome ibonelele ngeendlela ezimbini ze-SDP - ezidityaniswe nezinye izikhangeli kunye ne-Chrome-specific. Ukususela ngoku ukuya phambili, kuphela ukhetho oluphathwayo oluseleyo.
  • Uphuculo lwenziwe kwizixhobo zabaphuhlisi bewebhu. Amaqhosha ongeziweyo kwiphaneli yeZimbo ukulinganisa ukusetyenziswa komxholo omnyama nolula. Ukukhuselwa kwethebhu yokuHlola kwimowudi yokuhlola inethiwekhi yomeleziwe (uMgaqo-nkqubo woKhuseleko lwesiqulatho uvuliwe). Idebugger isebenzisa ukupheliswa kweskripthi ukuphinda kulayishwe iindawo zoqhawulo. Ukuphunyezwa kwangaphambili kwephaneli entsha ye "Performance Insights" iphakanyisiwe, ekuvumela ukuba uhlalutye ukusebenza kwemisebenzi ethile kwiphepha.
    Ukukhutshwa kweChrome 102

Ukongeza kwizinto ezintsha kunye nokulungiswa kwebug, inguqulelo entsha isusa ubuthathaka obungama-32. Uninzi lobuthathaka luchongiwe ngenxa yovavanyo oluzenzekelayo kusetyenziswa idilesi yeSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer kunye nezixhobo zeAFL. Enye yeengxaki (i-CVE-2022-1853) inikwe inqanaba elibalulekileyo lengozi, elithetha ukukwazi ukudlula onke amanqanaba okukhusela isiphequluli kunye nokwenza ikhowudi kwinkqubo ngaphandle kwendawo yebhokisi yesanti. Iinkcukacha ngobu sesichengeni azikachazwa; iyaziwa kuphela ukuba ibangelwa kukufikelela kwibhloko yememori ekhululweyo (ukusetyenziswa-emva kokukhululeka) kwi-Indexed DB API ukuphunyezwa.

Njengenxalenye yenkqubo yokuvuza imali yokufumana ubuthathaka kukhupho lwangoku, uGoogle uhlawule amabhaso angama-24 axabisa i-65600 yeedola (ibhaso elinye le-10000 yeedola, ibhaso le-$7500 enye, amabhaso amabini e-$7000, amabhaso amathathu e-$5000, amabhaso amane e-$3000, amabhaso amabini e-$2000, kunye nee-$1000 ezimbini, $500 iibhonasi). Ubungakanani bemivuzo ye-7 ayikachazwa.

umthombo: opennet.ru

Yongeza izimvo