Google release of the web browser ... At the same time there is a stable release of the free project that serves as the basis of Chrome. The Chrome browser is distinguished by the use of Google logos, the presence of a system for sending notifications in the event of a crash, the ability to download a Flash module on request, modules for playing protected video content (DRM), a system for automatically installing updates, and transmission during search . The next release, Chrome 78, is scheduled for October 22.
:
- Separate marking of sites with EV (Extended Validation) certificates has been discontinued. Information about the use of EV certificates is now shown only in the drop-down menu displayed when you click the secure-connection icon. The name of the company verified by the certificate authority, to which the EV certificate is bound, will no longer be shown in the address bar;
- Strengthened isolation of site handlers. Additional protection has been added for site data, such as cookies and HTTP resources, obtained from third-party sites controlled by attackers. The isolation works even if the attacker finds a bug in the renderer process and tries to execute code in its context;
- Added a new page welcoming new users (chrome://welcome/), shown instead of the standard new-tab interface after the first launch of Chrome. The page lets you bookmark popular Google services (Gmail, YouTube, Maps, News and Translate), pin shortcuts to the new tab page, connect to a Google account to enable Chrome Sync, and set Chrome as the default on the system;
- The new tab page menu, shown in the top right corner, can now load a background image and offers options for choosing a theme and configuring the block of quick-navigation shortcuts (most visited sites, manual selection by the user, and hiding the shortcut block). The settings are currently experimental and must be enabled with the flags “chrome://flags/#ntp-customization-menu-v2” and “chrome://flags/#chrome-colors-custom-color-picker”;
- The site icon in the tab title is now animated to indicate that the page is loading;
- Added the “--guest” flag, which lets you launch Chrome from the command line in guest mode (without connecting to a Google account, without recording browser activity to disk and without saving the session);
- The cleanup of flags in chrome://flags, begun in the previous release, continues. Instead of flags, it is now recommended to use policies to configure browser behavior;
- A "Send to your devices" button has been added to the context menu of the page, the tab and the address bar, letting you send a link to another device using Chrome Sync. After you choose a destination device associated with the same account and send the link, a notification is shown on the target device to open the link;
- In the Android version, the page listing downloaded files has been completely redesigned: instead of a drop-down menu with content sections, buttons have been added for filtering the general list by content type, and thumbnails of downloaded images are now shown across the full width of the screen;
- New metrics have been added for evaluating the speed of loading and rendering content in the browser, allowing a web developer to determine how quickly the main content of the page becomes available to the user. Previously available rendering-control tools made it possible to judge only the fact that rendering had started, not the readiness of the page as a whole. Chrome 77 introduces a new API that lets you get the render time of large (user-visible) elements in the visible area, such as images, videos, block elements and the page background;
- An API has been added that provides information about the delay before the first user interaction (for example, pressing a key on the keyboard or mouse, clicking, or moving the pointer). The new API is a subset of the EventTiming API, which provides additional information for measuring and optimizing interface responsiveness;
- New form features have been added that make it easier to use your own non-standard form controls (non-standard input fields, buttons, etc.). The new "formdata" event makes it possible to use JavaScript handlers to add data to the form when it is submitted, without storing the data in hidden input elements.
The second new feature is support for creating form-associated custom elements that act like built-in form controls, including capabilities such as enabling input validation and triggering the sending of data to the server. The formAssociated property has been introduced to mark an element as part of the form interface, and the attachInternals() call has been added to access additional form-control methods such as setFormValue() and setValidity();
- In Origin Trials mode (experimental features that require separate activation), a new API has been added that lets the user select entries from the address book and pass certain details about them to the site. The request specifies the list of properties to be retrieved (for example, full name, email, phone number). These properties are shown explicitly to the user, who makes the final decision on whether to transfer the data. The API can be used, for example, in a web mail client to select the recipients of a message, in a web application with VoIP functionality to start a call to a particular number, or on a social network to search for friends who are already registered.
Origin Trial implies the ability to work with the specified API from applications loaded from localhost or 127.0.0.1, or after registering and receiving a special token that is valid for a limited time for a specific site.
- For forms, there is an attribute that lets you define the behavior when the Enter key is pressed on the virtual keyboard. The attribute can take the values enter, done, go, next, previous, search and send;
- A policy has been added that controls access to the "document.domain" property. By default access is allowed, but if it is denied, an attempt to change the value of “document.domain” results in an error;
- A call has been added to the Performance API that lets you track changes in the position of DOM elements on the screen;
- The size of the “Referer” HTTP header is limited to 4 KB; if this value is exceeded, the content is truncated to the domain name;
- The url argument of registerProtocolHandler() is restricted to the http:// and https:// schemes only and no longer allows the "data:" and "blob:" schemes;
- Support has been added for formatting units of measurement, currencies, scientific and compact notation (for example, "Intl.NumberFormat('en', {style: 'unit', unit: 'meter-per-second'})");
- New CSS properties have been added to control scrolling behavior when the logical boundary of the scroll area is reached;
- The CSS white-space property now supports the break-spaces value;
- Service Workers now support HTTP basic authentication and display the standard dialog for entering login parameters;
- The Web MIDI API can now be used only in a secure context (https, a local file or localhost);
- The WebVR 1.1 API has been declared deprecated and is replaced by an API that gives access to components for creating virtual and augmented reality and unifies work with different classes of devices, from stationary virtual reality helmets to solutions based on mobile devices;
- In the Developer Tools, the CSS properties of a DOM node can now be copied to the clipboard through the context menu invoked by right-clicking a node in the DOM tree. An interface has been added (Show Rendering/Layout Shift Regions) for tracking layout shifts caused by missing placeholders for ads and images (when loading the next image pushes the text down while it is being viewed). The audit dashboard has been updated to a newer release. Automatic switching to the DevTools dark theme is enabled when a dark theme is used in the OS. In network inspection mode, a flag has been added for loading a resource from the prefetch cache. Support has been added for showing application messages and notifications in the Application panel. In the web console, private class fields are now shown when previewing objects;
- In the V8 JavaScript engine, the storage of statistics about the types of operands used in different operations has been improved (this allows the execution of those operations to be optimized for specific types). To reduce memory consumption, type-aware vectors are now placed in memory only after a certain amount of bytecode has been executed, which removes the need to optimize functions with a short lifetime. This change saves 1-2% of memory in the desktop version and 5-6% on mobile devices.
The scalability of WebAssembly background compilation has been improved: the more processor cores in the system, the greater the gain from the additional optimizations. For example, on a 24-core Xeon machine, the compilation time of the Epic ZenGarden demo application was cut in half.
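
The 4 KB Referer limit from the list above matters for server-side checks that read a path out of that header. The following added example (not from the original article or from Chrome's code) models the truncation and contrasts a path-prefix check with an origin comparison; the host names, function names and the reading of 4 KB as 4096 characters are assumptions.

```javascript
// Added example: how a 4 KB Referer cap interacts with server-side Referer checks.
// Assumption: "4 KB" is modelled as 4096 characters, "domain name" as the URL origin.
const REFERER_LIMIT = 4096;

// Browser-side model: an oversized referrer is cut down to scheme + host.
function effectiveReferer(fullUrl) {
  if (fullUrl.length <= REFERER_LIMIT) return fullUrl;
  return new URL(fullUrl).origin + '/';
}

// Fragile server check: expects a specific path to be present in the header.
function pathPrefixCheck(referer) {
  return referer.startsWith('https://app.example/checkout');
}

// Robust server check: parse the header and compare whole origins only.
function originCheck(referer, allowedOrigins) {
  if (typeof referer !== 'string' || referer === '') return false;
  let parsed;
  try {
    parsed = new URL(referer);
  } catch {
    return false; // malformed header value
  }
  if (parsed.protocol !== 'https:') return false;
  return allowedOrigins.includes(parsed.origin);
}

// Constructed sample values (hypothetical hosts on the reserved .example TLD).
const ALLOWED = ['https://app.example'];
const longUrl = 'https://app.example/checkout?state=' + 'a'.repeat(5000);
const otherOrigin = 'https://other.example/checkout';

function demo() {
  const sent = effectiveReferer(longUrl); // what the server would receive
  return {
    sent,
    pathCheckOnTruncated: pathPrefixCheck(sent),
    originCheckOnTruncated: originCheck(sent, ALLOWED),
    originCheckOnOtherOrigin: originCheck(otherOrigin, ALLOWED),
  };
}

console.log(demo());
```

A check that depends on the Referer path silently rejects legitimate requests once the header is truncated, while the origin comparison gives the same answer for the full and the truncated value.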

In addition to new features and bug fixes, the new version eliminates vulnerabilities. Many of the vulnerabilities were identified through automated testing tools. One issue (CVE-2019-5870) is marked as critical, i.e. it makes it possible to bypass all levels of browser protection and execute code on the system outside the sandbox environment. Details of the critical vulnerability have not yet been disclosed; it is known only that it can lead to access to an already freed memory area in the code that processes multimedia data. As part of the program that pays cash rewards for finding vulnerabilities in the current release, Google paid 38 awards worth $33500 (one $7500 award, four $3000 awards, three $2000 awards, four $1000 awards and eight $500 awards). The size of 18 awards has not yet been determined.
Source: opennet.ru

