I-ProHoster > Π‘Π»ΠΎΠ³ > izindaba ze-inthanethi > Ukuba sengozini kwezinsuku ezingu-0 ku-Chrome kukhonjwe ngokuhlaziywa kwezinguquko enjinini ye-V8

Ukuba sengozini kwezinsuku ezingu-0 ku-Chrome kukhonjwe ngokuhlaziywa kwezinguquko enjinini ye-V8

Abacwaningi abavela ku-Eksodusi Intelligence ukhombisile iphuzu elibuthakathaka kunqubo yokulungisa ubungozi ku-Chrome/Chromium codebase. Inkinga isuka eqinisweni lokuthi i-Google iveza ukuthi izinguquko ezenziwe zihlobene nezindaba zokuphepha kuphela ngemva kokukhululwa, kodwa
ingeza ikhodi endaweni yokugcina ukuze kulungiswe ukuba sengozini enjinini ye-V8 ngaphambi kokushicilela ukukhishwa. Isikhathi esithile, ukulungiswa kuyahlolwa futhi iwindi liyavela lapho ukuba sengozini kulungiswa kusisekelo sekhodi futhi kuyatholakala ukuze kuhlaziywe, kodwa ukuba sengozini kuhlala kungalungisiwe kumasistimu omsebenzisi.

Ngenkathi befunda izinguquko ezenziwe endaweni yokugcina izinto, abacwaningi babone okuthile okwengezwe ngoFebhuwari 19 ukulungiswa kwathi ngezinsuku ezintathu base bekwazi ukulungisa ukuxhaphaza, okuthinta ukukhishwa kwamanje kwe-Chrome (ukuxhaphaza okushicilelwe akuzange kuhlanganise izingxenye zokudlula ukuhlukaniswa kwe-sandbox). Google ngokushesha kukhishwe Isibuyekezo se-Chrome 80.0.3987.122, silungisa ukuxhashazwa okuhlongozwayo ukuba sengozini (CVE-2020-6418). Ukuba sengozini kwaphawulwa onjiniyela be-Google futhi kubangelwa inkinga yokubamba uhlobo emsebenzini we-JSCreate, okungase kusetshenziswe indlela ye-Array.pop noma ye-Array.prototype.pop. Kuyaphawuleka ukuthi kwakunenkinga efanayo kulungisiwe kuFirefox ehlobo eledlule.

Abacwaningi baphinde baqaphela kalula ukudala ukuxhashazwa ngenxa yokufakwa kwe I-Chrome 80 indlela ukupakishwa kwezimpawu (esikhundleni sokugcina inani eligcwele le-64-bit, kugcinwa kuphela izingcezu ezihlukile ezingezansi zesikhombisi, ezinganciphisa kakhulu ukusetshenziswa kwenkumbulo yenqwaba). Isibonelo, ezinye izakhiwo zedatha yenqwaba njengethebula lomsebenzi elakhelwe ngaphakathi, izinto zomongo wendabuko, kanye impande izinto abaqoqi bakadoti manje sebenikezwe amakheli apakishiwe angabikezelwa futhi abhalekayo.

Kuyathakazelisa ukuthi cishe unyaka odlule i-Exodus Intelligence yayikhona kwenziwe ukuboniswa okufanayo kwamathuba okudala ukuxhashazwa okusekelwe ekutadisheni ilogi yomphakathi yokulungiswa kwe-V8, kodwa, ngokusobala, iziphetho ezifanele azizange zilandelwe. Esikhundleni sabacwaningi
I-Exodus Intelligence kungase kube abahlaseli noma izinhlangano ezihlakaniphile okuthi, lapho kwakhiwa ukuxhaphaza, zibe nethuba lokuxhaphaza ngokuyimfihlo ubungozi izinsuku noma ngisho namaviki ngaphambi kokuba ukukhishwa okulandelayo kwe-Chrome kudalwe.

Source: opennet.ru

Engeza amazwana