Google ukukhishwa kwesiphequluli sewebhu ... Kanyekanye ukukhishwa okuzinzile kwephrojekthi yamahhala , esebenza njengesisekelo se-Chrome. Isiphequluli se-Chrome ukusetshenziswa kwezimpawu ze-Google, ukuba khona kwesistimu yokuthumela izaziso uma kwenzeka ingozi, ikhono lokulanda imojula ye-Flash uma ucelwa, amamojula wokudlala okuqukethwe kwevidiyo evikelekile (DRM), uhlelo lokufaka ngokuzenzakalelayo izibuyekezo kanye nokudlulisa ngesikhathi sokusesha . Ukukhishwa okulandelayo kwe-Chrome 77 kuhlelelwe uSepthemba 10.
:
- ngokuzenzakalelayo, imodi yokuvikela ekudlulisweni kwamakhukhi enkampani yangaphandle, okuthi, ngaphandle kwesibaluli se-SameSite kusihloko se-Set-Cookie, isethe inani elithi “SameSite=Lax” ngokuzenzakalelayo, ikhawulela ukuthunyelwa kwamakhukhi ukuze afakwe amasayithi ezinkampani zangaphandle (kodwa amasayithi asazokwazi ukweqa umkhawulo ngokusetha ngokusobala lapho usetha inani le-Cookie SameSite=None). Kuze kube manje, isiphequluli sithumele i-Cookie kunoma yisiphi isicelo kusayithi lapho i-Cookie isethelwe khona, ngisho noma elinye isayithi lalivulwe ekuqaleni, futhi isicelo senziwa ngokungaqondile ngokulayisha isithombe noma nge-iframe. Kumodi ye-'Lax', ukudluliswa kwe-Cookie kuvinjelwe kuphela ezicelweni ezingaphansi zamasayithi ahlukene, njengezicelo zesithombe noma ukulayishwa kokuqukethwe kwe-iframe, okuvame ukusetshenziselwa ukuqalisa ukuhlasela kwe-CSRF nokulandelela ukunyakaza komsebenzisi phakathi kwamasayithi.
- Imise ukudlala okuqukethwe kwe-Flash ngokuzenzakalela. Kuze kube yilapho kukhishwa i-Chrome 87, okulindeleke ngoDisemba 2020, ukwesekwa kweFlash kungabuyiswa kuzilungiselelo (Okuthuthukisiwe > Ubumfihlo Nokuphepha > Izilungiselelo Zesayithi), okulandelwa ukuqinisekiswa okucacile kokusebenza kokudlala okuqukethwe kwe-Flash kusayithi ngalinye (ukuqinisekisa kukhunjulwe kuze kube yilapho isiphequluli siqalwa kabusha). Ukususwa okuphelele kwekhodi ukuze kusekelwe i-Flash kuvumelana nohlelo olwamenyezelwa ngaphambilini lwe-Adobe lokuqeda ukusekelwa kobuchwepheshe be-Flash ngo-2020;
- Kumabhizinisi, ikhono lokusesha amafayela kusitoreji se-Google Drive lengeziwe kubha yekheli;
- Kuqalisiwe Ukukhangisa okungalungile ku-Chrome okuphazamisa umbono wokuqukethwe futhi okungahlangabezani nemibandela ethuthukiswe yi-Coalition for Better Advertising;
- Imodi eguquguqukayo yokushintshela ekhasini elisha isetshenzisiwe, lapho okuqukethwe kwamanje kususwa futhi ingemuva elimhlophe liboniswa hhayi ngokushesha, kodwa ngemva kokulibaziseka isikhashana. Emakhasini alayisha ngokushesha, ukuklwebha kubangela ukucwayiza kuphela futhi akunikezi umthwalo okhokhelwayo wokwazisa umsebenzisi ukuthi ikhasi elisha selizolayishwa. Ekukhishweni okusha, uma ikhasi livuleka ngokushesha futhi kukhona ukubambezeleka okuncane, khona-ke ikhasi elisha liboniswa endaweni, lifaka esikhundleni sangaphambilini ngaphandle komthungo (ngokwesibonelo, kulula kakhulu uma ushintshela kwamanye amakhasi esayithi afanayo ngokuklama. kanye nohlelo lombala). Uma kuthatha isikhathi esibonakalayo kumsebenzisi ukuthi abonise ikhasi, khona-ke, njengangaphambili, isikrini sizosulwa ngaphambili;
- Indlela yokunquma umsebenzi womsebenzisi ekhasini iqinisiwe. I-Chrome ikuvumela ukuthi ubonise izaziso ze-pop-up futhi udlale okuqukethwe kwevidiyo/komsindo okucasulayo kuphela ngemva kwezenzo zomsebenzisi ekhasini. Ngokukhishwa okusha, ukucindezela okuthi Escape, ukuhambisa phezulu kwesixhumanisi, nokuthinta isikrini akusabonwa njengokusebenzelana kokwenza kusebenze ikhasi (okudinga ukuchofoza okusobala, ukuthayipha, noma ukuskrola);
- umbuzo wemidiya othi “prefers-color-scheme”, ovumela amasayithi ukuthi anqume ukuthi isiphequluli sisebenzisa itimu emnyama futhi anike amandla ngokuzenzakalelayo itimu emnyama kusayithi elibukwayo.
- Uma unika amandla itimu emnyama ekwakheni i-Linux, ibha yamakheli manje isiboniswa ngombala omnyama;
- ikhono lokunquma ukuvulwa kwekhasi ngemodi ye-incognito ngokukhohlisa nge-FileSystem API, eyayisetshenziswa ngaphambilini ezinye izincwadi ukuphoqelela ukubhalisa okukhokhelwayo uma kwenzeka ukuvulwa kwamakhasi okungenabuntu ngaphandle kokukhumbula Amakhukhi (ukuze abasebenzisi bangasebenzisi imodi yangasese ukweqa indlela yokunikeza ukufinyelela kwesivivinyo samahhala). Ngaphambilini, lapho sisebenza ngemodi ye-incognito, isiphequluli sivimbe ukufinyelela ku-FileSystem API ukuvimbela idatha ukuthi ingangeni phakathi kweseshini, evumela i-JavaScript ukuthi ihlole ikhono lokulondoloza idatha nge-FileSystem API futhi, uma yehluleka, ukwahlulela umsebenzi imodi ye-incognito. Manje ukufinyelela ku-FileSystem API akuvinjiwe, futhi okuqukethwe kuyasulwa ngemva kokuphela kweseshini;
- izinselelo ezintsha ku
Isicelo sokukhokha se-API kanye nesibambi sokukhokha. Ushintsho lwendlela entshaI-PaymentMethod() ivele entweni ye-PaymentRequestEvent, futhi isibambi somcimbi esisha sokushintsha indlela yokukhokha yengezwe entweni ye-PaymentRequest, evumela isayithi lokuqoqwa kwenkokhelo noma isicelo sewebhu ukuthi siphendule kumsebenzisi oshintsha indlela yokukhokha. Ukukhishwa okusha futhi kwenza kube lula kuma-API okukhokha ukuhlola izinhlelo zokusebenza kusetshenziswa izitifiketi ezizisayinele. Ukuziba amaphutha okuqinisekiswa kwesitifiketi ngesikhathi sokuthuthukiswa, inketho yomugqa womyalo omusha “-ignore-certificate-amaphutha” yengeziwe; - Kubha yekheli eduze kwenkinobho yokwengeza kumabhukhimakhi ezinhlelo zokusebenza zewebhu ezisebenza ngemodi ye-Desktop Progressive Web Apps (PWA), isinqamuleli sokufaka uhlelo lwewebhu kusistimu ukuze lusebenze njengohlelo oluhlukile;
- Kumadivayisi eselula, kungenzeka ukulawula ukuboniswa kwephaneli encane ngesimemo sokwengeza uhlelo lokusebenza esikrinini sasekhaya. Kuzinhlelo zokusebenza ze-PWA (Progressive Web App), ibha encane ezenzakalelayo ibonakala ngokuzenzakalelayo lapho uqala ukuvula isayithi. Umthuthukisi manje usenganqaba ukubonisa leli phaneli futhi asebenzise ukwaziswa kwakhe kokufaka, angafaka kuso isibambi somcimbi.
ngaphambi kokufakaprompt futhi unamathisele ucingo ukuze uvimbeleOkuzenzakalelayo();
- Imvamisa yokuhlolwa kokubuyekezwa kwezinhlelo zokusebenza ze-PWA (Uhlelo Lokusebenza Lwewebhu Oluqhubekayo) olufakwe endaweni ye-Android yandisiwe. Izibuyekezo ze-WebAPK manje ziyahlolwa kanye ngosuku, futhi hhayi kanye njalo ezinsukwini ezintathu njengangaphambili. Uma ukuhlola okunjalo kuveza ushintsho okungenani endaweni eyodwa engukhiye ku-manifest, isiphequluli sizolanda futhi sifake i-WebAPK entsha;
- Ku-API yengeze ikhono lokufunda nokubhala ngokuhlelekile izithombe ngebhodi lokunamathisela usebenzisa i-navigator.clipboard.read() kanye nezindlela ze-navigator.clipboard.write();
- Kusetshenziswe usekelo lweqembu lezihloko ze-HTTP (I-Sec-Fetch-Dest, i-Sec-Fetch-Mode, i-Sec-Fetch-Site kanye ne-Sec-Fetch-User), ikuvumela ukuthi uthumele imethadatha eyengeziwe mayelana nohlobo lwesicelo (isicelo sendawo enqamulayo, isicelo nge-img tag, njll. .) ukuze kwamukelwe izinyathelo zeseva ukuvikela ezinhlotsheni ezithile zokuhlaselwa (isibonelo, akunakwenzeka ukuthi isixhumanisi esiya kusiphathi sokudlulisa imali sizocaciswa nge-img tag, ngakho-ke izicelo ezinjalo zingavinjwa ngaphandle kokudluliselwa kuhlelo lokusebenza. );
- Isici esingeziwe , eqala ukuhanjiswa okuhleliwe kwedatha yefomu ngendlela efanayo nokuchofoza inkinobho yokuhambisa. Umsebenzi ungasetshenziswa lapho uthuthukisa ifomu lakho thumela izinkinobho, okuyifomu lokushaya ucingo.submit() elinganele ngenxa yokuthi aliholeli ekuqinisekiseni okusebenzisanayo kwamapharamitha, ukukhiqizwa komcimbi 'wokuhambisa' kanye nokudluliswa kwedatha. kuboshelwe enkinobho yokuhambisa;
- Umsebenzi owengeziwe ku-IndexedDB , okukuvumela ukuthi wenze ukuthenga okuhlotshaniswa nento ye-IDBTransaction ngaphandle kokulinda izibambi zomcimbi kuzo zonke izicelo ezihambisanayo ukuthi ziqedelwe. Ukusebenzisa i-commit() kukuvumela ukuthi ukhuphule i-throughput yokubhala nokufunda izicelo kusitoreji futhi ulawule ngokusobala ukuqedwa komsebenzi;
- Izinketho ezingeziwe emisebenzini ye-Intl.DateTimeFormat njengefomethiToParts() kanye ne-resolueOptions() , okukuvumela ukuthi ucele izitayela zokubonisa zedethi ezithize zendawo nesikhathi;
- Indlela ye-BigInt.prototype.toLocaleString() ishintshiwe ukuze ifomethwe izinombolo ngokusekelwe endaweni, futhi indlela ye-Intl.NumberFormat.prototype.format() kanye nomsebenzi wefomethiToParts() ishintshiwe ukuze isekele amanani okufaka e-BigInt;
- I-API ivunyelwe kuzo zonke izinhlobo zeWeb Workers, ezingasetshenziswa ukukhetha amapharamitha alungile lapho udala iMediaStream evela kusisebenzi;
- Indlela eyengeziwe , ebuyisela kuphela izithembiso ezigcwalisiwe noma ezinqatshiwe, zingafaki izithembiso ezisalindile;
- Kukhishwe inketho ethi “--disable-infobars”, ebingase isetshenziswe ngaphambilini ukufihla izexwayiso ezizivelelayo kusixhumi esibonakalayo se-Chrome (umthetho we-CommandLineFlagSecurityWarningsEnabled uhlongozwa ukuze kufihlwe izexwayiso ezihlobene nokuphepha);
- Ku-interface yokusebenza nama-blobs izindlela umbhalo(), i-arrayBuffer() kanye nokusakaza() ukufunda izinhlobo ezithile zedatha;
- Kwengezwe indawo ye-CSS "white-space:break-spaces" ukuze ucacise ukuthi noma yikuphi ukulandelana kwesikhala esimhlophe esiholela ekuchichimeni komugqa kufanele kwephulwe;
- Umsebenzi usuqalile wokuhlanza amafulegi ku-chrome://flags, isibonelo, hlaba umkhosi ukuze ukhubaze isibaluli se-"ping", esivumela abanikazi besayithi ukulandelela ukuchofoza kuzixhumanisi ezivela emakhasini abo. Uma ulandela isixhumanisi futhi kukhona isibaluli se-“ping=URL” kumaka we-“a href” esipheqululini, ungakwazi manje ukukhubaza ukuthumela isicelo esengeziwe se-POST ku-URL eshiwo kusibaluli esinolwazi mayelana noshintsho. Incazelo yokuvimba i-ping ilahlekile kusukela kulesi sibaluli ekucacisweni kwe-HTML5 futhi kunezinhlelo zokusebenza eziningi zokwenza isenzo esifanayo (isibonelo, ukudlula isixhumanisi sezokuthutha noma ukuvimbela ukuchofoza ngezibambi ze-JavaScript);
- Kukhishwe ifulegi lokukhubaza , lapho amakhasi avela kubasingathi abahlukahlukene ahlala ekhona enkumbulweni yezinqubo ezihlukene, ngayinye esebenzisa i-sandbox yayo.
- Injini ye-V8 ikhulise kakhulu ukusebenza kokuskena nokuhlukanisa ifomethi ye-JSON. Emakhasini ewebhu adumile, ukwenza kwe-JSON.parse kushesha kufika izikhathi ezingu-2.7. Ukuguqulwa kweyunithi yezinhlamvu ze-unicode kusheshiswe ngokuphawulekayo, isibonelo, isivinini samakholi ku-String#localeCompare, String#normalize, kanye namanye ama-Intl API, acishe aphindeka kabili. Ukusebenza kwemisebenzi enamalungu afanayo afriziwe nakho kuthuthukiswe kakhulu uma kusetshenziswa imisebenzi efana nefrozen.indexOf(v), frozen.includes(v), fn(...frozen), fn(....[...frozen]) futhi fn.sebenzisa(lokhu, [... kufriziwe]).
Ngokungeziwe ezenzweni ezintsha nokulungiswa kweziphazamisi, inguqulo entsha iyaqeda . Ubungozi obuningi buhlonzwe njengomphumela wokuhlola okuzenzakalelayo ngamathuluzi , , , и . Azikho izinkinga ezibucayi ezitholiwe ezingavumela umuntu ukuthi adlule wonke amazinga okuvikela isiphequluli futhi akhiphe ikhodi kusistimu engaphandle kwendawo ye-sandbox. Njengengxenye yohlelo lokukhokha imiklomelo yemali ngokuthola ubungozi ekukhishweni kwamanje, i-Google ikhokhele imiklomelo engu-16 yenani lika-$23500 (umklomelo owodwa wama-$10000, umklomelo owodwa ka-$6000, imiklomelo emibili ka-$3000 kanye nemiklomelo emithathu ka-$500). Usayizi wemiklomelo eyi-9 awukakanqunywa.
Source: opennet.ru