I-ProHoster > Блог > izindaba ze-inthanethi > Ukukhishwa kwe-Chrome 107

Ukukhishwa kwe-Chrome 107

I-Google yembule ukukhishwa kwesiphequluli sewebhu se-Chrome 107. Ngesikhathi esifanayo, ukukhululwa okuzinzile kwephrojekthi yamahhala ye-Chromium, esebenza njengesisekelo se-Chrome, kuyatholakala. Isiphequluli se-Chrome siyahluka kusukela ku-Chromium ekusebenziseni amalogo e-Google, ukuba khona kwesistimu yokuthumela izaziso uma kuba nokuphahlazeka, amamojula okudlala okuqukethwe kwevidiyo okuvikelwe ikhophi (i-DRM), isistimu yokufaka ngokuzenzakalela izibuyekezo, evumela unaphakade ukuhlukaniswa kwe-Sandbox , ihlinzeka ngokhiye ku-Google API futhi idlulisela i-RLZ- uma isesha. Kulabo abadinga isikhathi esengeziwe sokubuyekeza, igatsha Le-Extended Stable lisekelwa ngokuhlukile, lilandelwa amaviki angu-8. Ukukhishwa okulandelayo kwe-Chrome 108 kuhlelelwe uNovemba 29.

Izinguquko ezibalulekile ku-Chrome 107:

  • Kungezwe ukusekelwa kwendlela ye-ECH (Encrypted Client Hello), eqhubeka nokuthuthukiswa kwe-ESNI (I-Encrypted Server Name Indication) futhi isetshenziselwa ukubethela ulwazi olumayelana nemingcele yeseshini ye-TLS, njengegama lesizinda eliceliwe. Umehluko oyinhloko phakathi kwe-ECH ne-ESNI ukuthi esikhundleni sokubethela ezingeni lezinkambu ngazinye, i-ECH ibethela wonke umlayezo we-TLS ClientHello, okuvumela ukuthi uvimbele ukuvuza ngezinkambu i-ESNI engazifaki, isibonelo, i-PSK (Kwabiwe Ngaphambili Key) inkambu. I-ECH futhi isebenzisa irekhodi le-HTTPSSVC DNS esikhundleni serekhodi le-TXT ukuze idlulisele ulwazi lokhiye osesidlangalaleni, futhi isebenzisa ukubethela okuqinisekisiwe kokuphela kuya ekupheleni okusekelwe kumshini we-Hybrid Public Key Encryption (HPKE) ukuze ithole futhi ibethele ukhiye. Ukuze ulawule ukuthi i-ECH ivuliwe yini, isilungiselelo esithi “chrome://flags#encrypted-client-hello” siphakanyisiwe.
  • Ukusekelwa kwezingxenyekazi zekhompuyutha ezisheshisiwe zokukhishwa kwevidiyo ngefomethi ye-H.265 (HEVC) kunikwe amandla.
  • Isigaba sesihlanu sokunciphisa ulwazi kunhlokweni ye-HTTP yomenzeli womsebenzisi namapharamitha we-JavaScript navigator.userAgent, navigator.appVersion kanye ne-navigator.platform yenziwe yasebenza, yasetshenziswa ukuze kuncishiswe ulwazi olungasetshenziselwa ukukhonjwa komsebenzisi okwenziwayo. I-Chrome 107 yehlise inkundla nolwazi lokucubungula kulayini Womenzeli Womsebenzisi kubasebenzisi bedeskithophu, futhi yafriza okuqukethwe kwepharamitha ye-JavaScript ye-navigator.platform. Ushintsho lubonakala kuphela ezinguqulweni zeplathifomu ye-Windows, lapho inguqulo ethile yesikhulumi ishintshelwa ku-"Windows NT 10.0". Ku-Linux, okuqukethwe kweplathifomu Kumenzeli Womsebenzisi akukashintshi.

    Ngaphambilini, izinombolo ze-MINOR.BUILD.PATCH ezakha inguqulo yesiphequluli zithathelwe indawo ngu-0.0.0. Esikhathini esizayo, kuhlelwe ukushiya ulwazi kuphela mayelana negama lesiphequluli, inguqulo yesiphequluli esikhulu, isiteji kanye nohlobo lwedivayisi (ifoni ephathekayo, i-PC, ithebhulethi) kunhlokweni. Ukuze uthole idatha eyengeziwe, njengenguqulo okuyiyonayona kanye nedatha yeplathifomu enwetshiwe, kufanele usebenzise i-API Yamacebiso Omenzeli Womsebenzisi. Kumasayithi angenalo ulwazi olusha olwanele futhi angakalungeli ukushintshela kokuthi Amacebo Omenzeli Womsebenzisi, kuze kube uMeyi 2023 anethuba lokubuyisela Umenzeli Womsebenzisi ogcwele.

  • Inguqulo ye-Android ayisasekeli inkundla ye-Android 6.0; isiphequluli manje sidinga okungenani i-Android 7.0.
  • Idizayini yesixhumi esibonakalayo sokulandelela isimo sokulandwa kushintshiwe. Esikhundleni somugqa ophansi onedatha yenqubekelaphambili yokulanda, inkomba entsha yengezwe kuphaneli enebha yekheli; lapho uchofoza kuyo, kuboniswa ukuqhubeka kokulanda amafayela nomlando onohlu lwamafayela asevele alandiwe. Ngokungafani nephaneli engezansi, inkinobho ihlale ikhonjiswa kuphaneli futhi ikuvumela ukuthi ufinyelele ngokushesha umlando wakho wokulanda. I-interface entsha okwamanje inikezwa ngokuzenzakalelayo kuphela kwabanye abasebenzisi futhi izonwetshwa kubo bonke uma zingekho izinkinga.
    Ukukhishwa kwe-Chrome 107
  • Kubasebenzisi bedeskithophu, kungenzeka ukungenisa amaphasiwedi alondolozwe kufayela ngefomethi ye-CSV. Ngaphambilini, amaphasiwedi asuka efayeleni aya esipheqululini ayengadluliswa kuphela ngesevisi ye-passwords.google.com, kodwa manje lokhu kungenziwa futhi Ngesiphathi Sephasiwedi Se-Google esakhelwe kusiphequluli.
  • Ngemva kokuthi umsebenzisi edale iphrofayela entsha, kuboniswa umyalo okutshela ukuthi uvumele ukuvumelanisa futhi uye kuzilungiselelo, ongashintsha ngazo igama lephrofayela bese ukhetha itimu yombala.
  • Inguqulo yenkundla ye-Android inikezela ngesixhumi esibonakalayo esisha sokukhetha amafayela emidiya ukuze alayishe izithombe namavidiyo (esikhundleni sokusebenza kwawo, kusetshenziswa isixhumi esibonakalayo se-Android Media Picker).
    Ukukhishwa kwe-Chrome 107
  • Ukuhoxiswa okuzenzakalelayo kwemvume yokubonisa izaziso kunikeziwe kumasayithi atholakala ethumela izaziso nemilayezo ephazamisa umsebenzisi. Ngaphezu kwalokho, kumasayithi anjalo, izicelo zemvume yokuthumela izaziso zimisiwe.
  • I-Screen Capture API yengeze izici ezintsha ezihlobene nokwabelana kwesikrini - selfBrowserSurface (ikuvumela ukuthi ukhiphe ithebhu yamanje lapho ushayela i-getDisplayMedia()), i-surfaceSwitching (ikuvumela ukuthi ufihle inkinobho yokushintsha amathebhu) kanye ne-DisplaySurface (ikuvumela ukuthi ukhawulele ukwabelana ku- ithebhu, iwindi, noma isikrini).
  • Kwengezwe isakhiwo se-renderBlockingStatus ku-Performance API ukuze kuhlonzwe izinsiza ezibangela ukunikezwa kwekhasi ukuthi kume isikhashana kuze kube yilapho eqeda ukulayisha.
  • Ama-API amaningana amasha engeziwe kumodi ye-Origin Trials (izici zokuhlola ezidinga ukwenziwa kusebenze okuhlukile). I-Origin Trial isho amandla okusebenza ne-API eshiwo ezinhlelweni ezilandwe ku-localhost noma 127.0.0.1, noma ngemva kokubhalisa nokwamukela ithokheni elikhethekile elisebenza isikhathi esilinganiselwe sesayithi elithile.
    • I-Declarative API PendingBeacon, ekuvumela ukuthi ulawule ukuthunyelwa kwedatha engadingi impendulo (ibhekhoni) kuseva. I-API entsha ikuvumela ukuthi unikeze ukuthunyelwa kwedatha enjalo kusiphequluli, ngaphandle kwesidingo sokubiza imisebenzi yokuthumela ngesikhathi esithile, isibonelo, ukuhlela ukudluliselwa kwe-telemetry ngemva kokuba umsebenzisi evale ikhasi.
    • Isihloko se-HTTP Sezimvume-Inqubomgomo (Inqubomgomo Yesici), esisetshenziselwa ukunikeza igunya futhi inike amandla izici ezithuthukisiwe, manje sisekela inani "lokukhipha", elingasetshenziswa ukukhubaza izibambi zomcimbi "wokukhipha" ekhasini.
  • Usekelo lwesibaluli se-“rel” sengeziwe kuthegi ye-, ekuvumela ukuthi usebenzise ipharamitha ye-“rel=noreferrer” ukuze uzulazule ngamafomu ewebhu ukuze ukhubaze ukudluliswa kwesihloko se-Referer noma i-“rel=noopener” ukuze ukhubaze. ukusetha indawo ye-Window.opener futhi uvimbele ukufinyelela kumongo lapho inguquko yenziwe khona.
  • Igridi ye-CSS yengeze usekelo lokuhumushela amakholomu-isifanekiso segridi kanye nezakhiwo zemigqa yesifanekiso segridi ukuze kuhlinzekwe uguquko olushelelayo phakathi kwezimo zegridi ezihlukene.
  • Ukuthuthukiswa kwenziwe kumathuluzi onjiniyela bewebhu. Kwengezwe ikhono lokumisa ama-hotkey. Ukuhlolwa kwenkumbulo okuthuthukisiwe kwezinto zohlelo lwe-C/C++ eziguqulelwe kufomethi ye-WebAssembly.

Ngokungeziwe ezenzweni ezintsha nokulungiswa kweziphazamisi, inguqulo entsha isusa ubungozi obuyi-14. Ubungozi obuningi buhlonzwe njengomphumela wokuhlolwa okuzenzakalelayo kusetshenziswa i-AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer kanye namathuluzi e-AFL. Azikho izinkinga ezibucayi ezitholiwe ezingavumela umuntu ukuthi adlule wonke amazinga okuvikela isiphequluli futhi akhiphe ikhodi kusistimu engaphandle kwendawo ye-sandbox. Njengengxenye yohlelo lokukhokha imiklomelo yemali ngokuthola ubungozi ekukhishweni kwamanje, i-Google ikhokhele imiklomelo eyi-10 enani lamadola ayizinkulungwane ezingama-57 wase-US (umklomelo owodwa wama-$20000, ama-$17000 nama-$7000, imiklomelo emibili ka-$3000, imiklomelo emithathu ka-$2000 noyedwa umklomelo we-$1000). Usayizi womklomelo owodwa awukakanqunywa.

Source: opennet.ru

Engeza amazwana