Ukukhishwa kwe-Chrome 104

I-Google yembule ukukhishwa kwesiphequluli sewebhu se-Chrome 104. Ngesikhathi esifanayo, ukukhululwa okuzinzile kwephrojekthi yamahhala ye-Chromium, esebenza njengesisekelo se-Chrome, kuyatholakala. Isiphequluli se-Chrome siyahluka kusukela ku-Chromium ekusebenziseni amalogo e-Google, ukuba khona kwesistimu yokuthumela izaziso uma kuba nokuphahlazeka, amamojula okudlala okuqukethwe kwevidiyo okuvikelwe ikhophi (i-DRM), isistimu yokufaka ngokuzenzakalela izibuyekezo, evumela unaphakade ukuhlukaniswa kwe-Sandbox , ihlinzeka ngokhiye ku-Google API futhi idlulisela i-RLZ- uma isesha. Kulabo abadinga isikhathi esengeziwe sokubuyekeza, igatsha Le-Extended Stable lisekelwa ngokuhlukile, lilandelwa amaviki angu-8. Ukukhishwa okulandelayo kwe-Chrome 105 kuhlelelwe u-Agasti 30.

Izinguquko ezibalulekile ku-Chrome 104:

• Umkhawulo wesikhathi sempilo yekhukhi wethuliwe - wonke amakhukhi amasha noma abuyekeziwe azosulwa ngokuzenzakalelayo ngemva kwezinsuku ezingu-400 ekhona, ngisho noma isikhathi sokuphelelwa yisikhathi esisethwe ngokuphelelwa yisikhathi kanye nezibaluli ze-Max-Age singaphezu kwezinsuku ezingu-400 (kulawa makhukhi, isikhathi sokuphila sizoncishiswa. izinsuku ezingama-400). Amakhukhi adalwe ngaphambi kokusetshenziswa komkhawulo azogcina impilo yawo yonke, ngisho noma idlula izinsuku ezingama-400, kodwa azokhawulelwa uma ebuyekezwa. Ushintsho lubonisa izidingo ezintsha eziphawulwe esimisweni esisha sokucaciswa.
• Kunikwe amandla ukuvinjwa kwama-URL e-iframe abhekisela kusistimu yamafayela wendawo (“filesystem://”).
• Ukuze kusheshiswe ukulayishwa kwekhasi, ukulungiselelwa okusha kungeziwe okuqinisekisa ukuthi uxhumano kumsingathi oqondiwe luyasungulwa ngesikhathi uchofoza isixhumanisi, ngaphandle kokulinda ukuthi ukhulule inkinobho noma ususe umunwe wakho esikrinini sokuthinta.
• Izilungiselelo ezingeziwe zokuphatha "Izihloko Neqembu Lentshisekelo" API, ethuthukiswe njengengxenye ye-Privacy Sandbox initiative, ekuvumela ukuthi uchaze izigaba zezithakazelo zabasebenzisi futhi uzisebenzise esikhundleni sokulandelela Amakhukhi ukuze uhlonze amaqembu abasebenzisi abanezintshisekelo ezifanayo ngaphandle kokukhomba abasebenzisi ngabanye. . Ngaphezu kwalokho, izingxoxo zolwazi eziboniswa kanye zengeziwe, ezichazela umsebenzisi ingqikithi yobuchwepheshe futhi zinikezela ngokuvula ukusekelwa kwazo kuzilungiselelo.
• Imikhawulo ekhulisiwe ukuze kukhawulwe amakholi afakwe kusidleke ku-setTimeout kanye nezibali-sikhathi ze-setInterval ezisebenza ngesikhawu esingaphansi kuka-4ms ("setTimeout(..., <4ms)"). Umkhawulo ophelele wamakholi anjalo unyusiwe kusuka ku-5 kuya ku-100, okwenza kube lula ukunqanyulwa kwezingcingo zomuntu ngamunye, kodwa ngesikhathi esifanayo kuvimbele ukuhlukumeza okungase kuthinte ukusebenza kwesiphequluli.
• Inikwe amandla ukuthumela isicelo sokugunyazwa se-CORS (Cross-Origin Resource Sharing) kuseva yesayithi enkulu enesihloko esithi “Access-Control-Request-Private-Network: true” lapho ikhasi lifinyelela insiza engaphansi kunethiwekhi yangaphakathi (192.168.xx) , 10. xxx, 172.16-31.xx) noma ukubamba indawo (127.xxx). Lapho iqinisekisa ukusebenza ekuphenduleni lesi sicelo, iseva kufanele ibuyisele isihloko esithi “Ukufinyelela-Ukulawula-Vumela-Inethiwekhi-Yangasese: iqiniso”. Kunguqulo engu-104 ye-Chrome, umphumela wokuqinisekisa awukathinti ukucutshungulwa kwesicelo - uma singekho isiqinisekiso, isexwayiso siyavezwa kukhonsoli yewebhu, kodwa isicelo somthombo ongaphansi ngokwaso asivinjiwe. Ukunika amandla ukuvinjwa okungavunywa akulindelekile kuze kube i-Chrome 107. Ukuze unike amandla ukuvimba ekukhishweni kwangaphambilini, unganika amandla ukulungiselelwa kwe-"chrome://flags/#private-network-access-respect-preflight-results".

  Ukuqinisekiswa kwegunya yiseva kwethulwe ukuze kuqiniswe ukuvikeleka ekuhlaselweni okuhlobene nokufinyelela izinsiza kunethiwekhi yendawo noma kukhompuyutha yomsebenzisi (i-localhost) kusukela kumaskripthi alayishwayo lapho kuvulwa isayithi. Izicelo ezinjalo zisetshenziswa abahlaseli ukwenza ukuhlasela kwe-CSRF kumarutha, izindawo zokufinyelela, amaphrinta, izixhumanisi zewebhu yebhizinisi namanye amadivayisi namasevisi amukela izicelo ezivela kunethiwekhi yendawo kuphela. Ukuze uvikele ekuhlaselweni okunjalo, uma noma yiziphi izinsiza ezingaphansi zifinyelelwa kunethiwekhi yangaphakathi, isiphequluli sizothumela isicelo esicacile semvume yokulayisha lezi zinsiza ezincane.

• Kungezwe indlela yokuthwebula isifunda ekuvumela ukuthi usike okuqukethwe okungadingekile kuvidiyo eyenziwe ngokusekelwe ekuthwebuleni isikrini. Isibonelo, kusetshenziswa i-getDisplayMedia API, uhlelo lokusebenza lwewebhu lungasakaza ividiyo yokuqukethwe kwethebhu, futhi i-Regional Capture ikuvumela ukuthi usike ingxenye yokuqukethwe okubandakanya izilawuli zenkomfa yevidiyo.
• Ukwesekwa okwengeziwe kwe-syntax yemibuzo yemidiya entsha echazwe esicacisweni se-Media Queries Level 4, esinquma ubuncane nobukhulu bosayizi wendawo ebonakalayo (imbobo yokubuka). I-syntax entsha ikuvumela ukuthi usebenzise ama-opharetha okuqhathanisa ezezibalo kanye nama-opharetha anengqondo njengokuthi "hhayi", "noma" kanye "kanye". Isibonelo, esikhundleni sokuthi “@media (min-width: 400px) { … }” ungakwazi manje ukucacisa “@media (width >= 400px) { … }”.
• Ama-API amaningana amasha engeziwe kumodi ye-Origin Trials (izici zokuhlola ezidinga ukwenziwa kusebenze okuhlukile). I-Origin Trial isho amandla okusebenza ne-API eshiwo ezinhlelweni ezilandwe ku-localhost noma 127.0.0.1, noma ngemva kokubhalisa nokwamukela ithokheni elikhethekile elisebenza isikhathi esilinganiselwe sesayithi elithile.
  • Kwengezwe isici se-CSS esithi “focusgroup” ukuze kuthuthukiswe ukuzulazula ezintweni kusetshenziswa okhiye bemicibisholo kukhibhodi.
  • I-Secure Payment Confirmation API inikeza ikhono lomsebenzisi lokukhubaza isitolo sezilungiselelo zekhadi lesikweletu. Ukuze ubonise ibhokisi elikuvumela ukuthi wenqabe ukulondoloza imingcele yekhadi lesikweletu, umakhi we-PaymentRequest() uhlinzeka ngefulegi elithi “showOptOut: true”.
  • Kwengezwe i-Shared Element Transitions API, ekuvumela ukuthi uhlele inguquko ebushelelezi phakathi kokubukwa kokuqukethwe okuhlukile kuzinhlelo zokusebenza zewebhu zekhasi elilodwa.
• Usekelo lwemithetho yokuqagela luzinzile, okuvumela ababhali bewebhusayithi ukuthi banikeze isiphequluli ngolwazi olumayelana namakhasi okungenzeka kakhulu ukuthi umsebenzisi angaya kuwo. Isiphequluli sisebenzisa lolu lwazi ukuze silayishe ngokuqhubekayo futhi sinikeze okuqukethwe kwekhasi.
• Indlela yokupakisha izinsiza ezingaphansi kumaphakheji ngefomethi ye-Web Bundle isizinzile, okuvumela ukukhulisa ukusebenza kahle kokulayisha inani elikhulu lamafayela ahambisana nawo (izitayela ze-CSS, i-JavaScript, izithombe, ama-iframe). Ngokungafani namaphakheji efomethi ye-Webpack, ifomethi ye-Web Bundle inezinzuzo ezilandelayo: akulona iphakheji ngokwalo eligcinwe kunqolobane ye-HTTP, kodwa izingxenye zayo zengxenye; ukuhlanganiswa kanye nokwenziwa kwe-JavaScript kuqala ngaphandle kokulinda ukuthi iphakheji ilandwe ngokugcwele; Kuvunyelwe ukufaka izinsiza ezengeziwe ezifana ne-CSS nemifanekiso, okuzodingeka ukuthi ku-webpack ibhalwe ngekhodi ngendlela yamayunithi ezinhlamvu e-JavaScript.
• Kwengezwe impahla ye-CSS ye- object-view-box, ekuvumela ukuthi uchaze ingxenye yesithombe ezoboniswa endaweni esikhundleni sesici esinikeziwe, esingasetshenziswa, isibonelo, ukwengeza umngcele noma isithunzi.
• Kwengezwe i-API ye-Fullscreen Capability Delegation, okuvumela into eyodwa yewindi ukuthi idlulisele kwenye into yewindi ilungelo lokushayela i-applicationFullscreen().
• Kwengezwe i-Fullscreen Companion Window API, evumela okuqukethwe kwesikrini esigcwele nama-popups ukuthi abekwe kwesinye isikrini ngemva kokuthola isiqinisekiso esivela kumsebenzisi.
• Isibaluli sebhokisi elibonakalayo sengeziwe esakhiweni se-CSS se-overflow-clip-margin, esinquma ukuthi ungaqala kuphi ukusika okuqukethwe okweqa umngcele wendawo (kungathatha amanani ibhokisi lokuqukethwe, ibhokisi lokunamathisela kanye nomngcele- ibhokisi).
• I-Async Clipboard API yengeze ikhono lokuchaza amafomethi akhethekile edatha edluliswa ngebhodi lokunamathisela, ngaphandle kombhalo, izithombe, nombhalo onemakhaphu.
• I-WebGL ihlinzeka ngosekelo lokucacisa isikhala sombala se-render buffer futhi iguqule lapho ungenisa usuka kokuthungwayo.
• Ukusekelwa kwezinkundla ze-OS X 10.11 kanye ne-macOS 10.12 kunqanyuliwe.
• I-U2F (Cryptotoken) API, eyayihoxisiwe ngaphambilini futhi yakhutshazwa ngokuzenzakalela, ayiqhubeki. I-U2F API ithathelwe indawo i-Web Authentication API.
• Ukuthuthukiswa kwenziwe kumathuluzi onjiniyela bewebhu. I-debugger manje inamandla okuqalisa kabusha ikhodi kusukela ekuqaleni komsebenzi ngemva kokushaya i-breakpoint endaweni ethile emzimbeni womsebenzi. Usekelo olungeziwe lokuthuthukisa izengezo zephaneli Yerekhoda. Ukusekelwa kokubona ngeso lengqondo amamaki asethwe ohlelweni lwewebhu ngokushayela indlela ye-performance.measure() yengezwe kuphaneli yokuhlaziya ukusebenza. Izincomo ezithuthukisiwe zokuqedela ngokuzenzakalela izici zento ye-JavaScript. Lapho kuqedela ngokuzenzakalela okuguquguqukayo kwe-CSS, ukubuka kuqala kwamanani angahlobene nemibala kuyanikezwa.

Ngokungeziwe ezenzweni ezintsha nokulungiswa kweziphazamisi, inguqulo entsha isusa ubungozi obungu-27. Ubungozi obuningi buhlonzwe njengomphumela wokuhlolwa okuzenzakalelayo kusetshenziswa i-AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer kanye namathuluzi e-AFL. Azikho izinkinga ezibucayi ezitholiwe ezingavumela umuntu ukuthi adlule wonke amazinga okuvikela isiphequluli futhi akhiphe ikhodi kusistimu engaphandle kwendawo ye-sandbox. Njengengxenye yohlelo lomklomelo wemali lokuthola ubungozi ekukhishweni kwamanje, i-Google ikhokhele imiklomelo engama-22 ebiza u-$84 ayizinkulungwane (umklomelo owodwa ongu-$15000, umklomelo owodwa ongu-$10000, umklomelo owodwa ongu-$8000, umklomelo owodwa ongu-$7000, imiklomelo emine engu-$5000, umklomelo owodwa ongu-$4000, amathathu , imiklomelo emine yama-$3000, kanye nemiklomelo emithathu ka-$2000). Usayizi womklomelo owodwa awukakanqunywa.

Source: opennet.ru