Google
Kuyaphawulwa ukuthi okwamanje ngaphezu kuka-90% wamasayithi avulwa abasebenzisi be-Chrome basebenzisa i-HTTPS. Ukuba khona kwezinto ezifakiwe ezilayishwe ngaphandle kokubethela kudala izinsongo zokuphepha ngokuguqulwa kokuqukethwe okungavikelekile uma kunokulawula isiteshi sokuxhumana (isibonelo, lapho uxhuma nge-Wi-Fi evulekile). Inkomba yokuqukethwe okuxubile itholwe ingasebenzi futhi idukisa umsebenzisi, njengoba inganikezi ukuhlolwa okucacile kokuvikeleka kwekhasi.
Okwamanje, izinhlobo eziyingozi kakhulu zokuqukethwe okuxubile, njengemibhalo nama-iframe, sezivinjelwe ngokuzenzakalela, kodwa izithombe, amafayela alalelwayo namavidiyo asengalandwa nge-http://. Ngokukhwabanisa kwesithombe, umhlaseli angashintsha amakhukhi okulandelela umsebenzisi, azame ukuxhaphaza ubungozi kumaphrosesa wesithombe, noma enze umgunyathi ngokushintsha ulwazi olunikezwe esithombeni.
Ukwethulwa kokuvinjwa kuhlukaniswe izigaba eziningana. I-Chrome 79, ehlelelwe uDisemba 10, izofaka isilungiselelo esisha esizokuvumela ukuthi ukhubaze ukuvinjwa kwamasayithi athile. Lesi silungiselelo sizosetshenziswa kokuqukethwe okuxubile osekuvinjiwe kakade, okufana nemibhalo nama-iframe, futhi kuzobizwa ngemenyu eyehlelayo lapho uchofoza uphawu lokukhiya, esikhundleni senkomba ehlongoziwe ngaphambilini yokukhubaza ukuvimba.
I-Chrome 80, okulindeleke ngo-February 4, izosebenzisa uhlelo oluthambile lokuvimba amafayela omsindo nevidiyo, okusho ukushintshwa okuzenzakalelayo kwezixhumanisi ze-http:// ezino-https://, ezizogcina ukusebenza uma isisetshenziswa esiyinkinga futhi sifinyeleleka nge-HTTPS. . Izithombe zizoqhubeka zilayisheka ngaphandle kwezinguquko, kodwa uma zilandwa nge-http://, amakhasi we-https:// azobonisa inkomba yokuxhumana engavikelekile kulo lonke ikhasi. Ukuze ushintshele ku-https noma uvimbele izithombe ngokuzenzakalelayo, abathuthukisi besayithi bazokwazi ukusebenzisa i-CSP yokuthuthukisa i-insecure-requests kanye ne-block-all-mixed-content. I-Chrome 81, ihlelelwe uMashi 17, izolungisa ngokuzenzakalelayo i-http:// ukuya ku-https:// ukuze kulayishwe izithombe ezixubile.
Ngaphezu kwalokho, i-Google
Ukugcina ubumfihlo, lapho ufinyelela i-API yangaphandle, ama-byte amabili okuqala kuphela e-hashi yokungena nephasiwedi adluliselwa (i-algorithm ye-hashing isetshenziswa.
Source: opennet.ru