I-ProHoster > Блог > izindaba ze-inthanethi > Ukukhishwa kwe-Chrome 77

Ukukhishwa kwe-Chrome 77

I-Google ikhiphe inguqulo entsha yesiphequluli se-inthanethi ye-Chrome. Ngesikhathi esifanayo, ukukhishwa okusha kwephrojekthi ye-Chromium yomthombo ovulekile - izisekelo ze-Chrome - kuyatholakala. Ukukhishwa okulandelayo kuhlelelwe u-Okthoba 22nd.

Enguqulweni entsha:

  • Ukumaka okuhlukene kwamasayithi anezitifiketi zezinga le-EV (Ukuqinisekisa Okunwetshiwe) kunqanyuliwe. Ulwazi mayelana nokusetshenziswa kwezitifiketi ze-EV manje selukhonjiswa kuphela kumenyu yokudonsela phansi eboniswa lapho uchofoza isithonjana sokuxhuma okuvikelekile. Igama lenkampani eliqinisekiswe igunya lokunikeza isitifiketi, lapho isitifiketi se-EV sixhunywe khona, ngeke lisaboniswa kubha yekheli;
  • Ukuhlukaniswa okukhulayo kwabaphathi besayithi. Ukuvikelwa okungeziwe kwedatha yesizindalwazi, njengamakhukhisi nezinsiza ze-HTTP, etholwe kumasayithi ezinkampani zangaphandle ezilawulwa abahlaseli. Ukuzihlukanisa kusebenza noma ngabe umhlaseli ethola iphutha enqubweni yokunikezela futhi ezama ukwenza ikhodi kumongo wayo;
  • Kwengezwe ikhasi elisha elamukela abasebenzisi abasha (chrome://welcome/), eliboniswa esikhundleni sokusebenzelana okujwayelekile kokuvula ithebhu entsha ngemva kokwethulwa kokuqala kwe-Chrome. Ikhasi likuvumela ukuthi ubeke uphawu lwezinsizakalo ze-Google ezidumile (i-GMail, i-YouTube, i-Maps, izindaba kanye ne-Translate), unamathisele izinqamuleli ekhasini lethebhu entsha, uxhume ku-akhawunti ye-Google ukuze unike amandla Ukuvumelanisa kwe-Chrome, futhi usethe i-Chrome ukuthi ibe ikholi ezenzakalelayo ohlelweni. .
  • Imenyu yekhasi lethebhu entsha, eboniswe ekhoneni eliphezulu kwesokudla, manje inamandla okulayisha isithombe sangemuva, kanye nezinketho zokukhetha itimu nokusetha ibhulokhi enezinqamuleli zokuzulazula okusheshayo (amasayithi avakashelwa kakhulu, ukukhetha komsebenzisi okwenziwa ngesandla. , namabhulokhi okufihla anezinqamuleli). Izilungiselelo okwamanje zimi njengezokuhlola futhi zidinga ukwenziwa kusebenze ngamafulegi athi “chrome://flags/#ntp-customization-menu-v2” kanye “ne-chrome://flags/#chrome-colors-custom-color-picker”;
  • Ukugqwayiza kwesithonjana sesayithi kusihloko sethebhu kuhlinzekiwe, okubonisa ukuthi ikhasi lisenqubweni yokulayisha;
    Kwengezwe ifulegi elithi "--guest", elikuvumela ukuthi uqalise i-Chrome kusukela kumugqa womyalo kumodi yokungena yesivakashi (ngaphandle kokuxhuma ku-akhawunti ye-Google, ngaphandle kokurekhoda umsebenzi wesiphequluli kudiski nangaphandle kokulondoloza iseshini);
  • Ukuhlanzwa kwamafulegi ku-chrome://flags, okuqale ekukhishweni kokugcina, kuyaqhubeka. Esikhundleni samafulege, manje sekuyanconywa ukusebenzisa imithetho ukuze ulungiselele ukuziphatha kwesiphequluli;
  • Inkinobho ethi "Thumela kumadivayisi akho" yengezwe kumenyu yokuqukethwe yekhasi, ithebhu, nebha yekheli, okukuvumela ukuthi uthumele isixhumanisi kwenye idivayisi usebenzisa Ukuvumelanisa kwe-Chrome. Ngemva kokukhetha idivayisi okuyiwa kuyo ehlotshaniswa ne-akhawunti efanayo nokuthumela isixhumanisi, isaziso sizovezwa kudivayisi eqondiwe ukuze uvule isixhumanisi;
  • Enguqulweni ye-Android, ikhasi elinohlu lwamafayela alandiwe liklanywe kabusha ngokuphelele, lapho, esikhundleni semenyu yokudonsela phansi enezigaba zokuqukethwe, zengezwe izinkinobho ukuze kuhlungwe uhlu olujwayelekile ngohlobo lokuqukethwe, kanye nezithonjana zezithombe ezilandiwe. manje aboniswa kubo bonke ububanzi besikrini;
  • Amamethrikhi amasha engeziwe ukuze kuhlolwe isivinini sokulayisha nokunikezela ngokuqukethwe esipheqululini, okuvumela umthuthukisi wewebhu ukuthi anqume ukuthi okuqukethwe okuyinhloko kwekhasi kutholakala ngokushesha kangakanani kumsebenzisi. Amathuluzi okulawula okunikezwayo ayekade ehlinzekiwe akwenza kwaba nokwenzeka ukwahlulela kuphela iqiniso lokuthi ukunikezwa kuqalile, kodwa hhayi ukulungela kwekhasi lilonke. I-Chrome 77 inikeza i-API Enkulu Kakhulu Kakhulu Yopende Okuqukethwe, ekuvumela ukuthi uthole isikhathi sokunikezwa kwezinto ezinkulu (ezibonakalayo zomsebenzisi) endaweni ebonakalayo, njengezithombe, amavidiyo, izakhi zokuvimba kanye nezizinda zekhasi;
  • Kwengezwe i-PerformanceEventTiming API, ehlinzeka ngolwazi mayelana nokulibaziseka ngaphambi kokusebenzisana kokuqala komsebenzisi (isibonelo, ukucindezela ukhiye kukhibhodi noma kumawusi, ukuchofoza noma ukuhambisa isikhombi). I-API entsha iyisethi engaphansi ye-EventTiming API ehlinzeka ngolwazi olwengeziwe ukuze kulinganiswe futhi kusetshenziswe ngokugcwele ukusabela esibonakalayo;
  • Kungezwe izici ezintsha zamafomu ezenza kube lula ukusebenzisa izilawuli zakho zefomu ezingajwayelekile (izinkambu zokufaka ezingajwayelekile, izinkinobho, njll.). Umcimbi omusha "wefomuladatha" wenza kube nokwenzeka ukusebenzisa izibambi ze-JavaScript ukwengeza idatha efomini lapho ihanjiswa, ngaphandle kokugcina idatha ezintweni zokufakwayo ezifihliwe.
    Isici esisha sesibili siwusekelo lokudala izici zangokwezifiso ezihlobene nefomu elisebenza njengezilawuli zefomu ezakhelwe ngaphakathi, okuhlanganisa amakhono afana nokunika amandla ukuqinisekiswa kokokufaka kanye nokucupha idatha ukuthi ithunyelwe kuseva. Impahla ye-formAssociated yethuliwe ukuze imake into njengengxenye yokusebenzelana kwefomu, futhi ikholi ye-attachInternals() yengeziwe ukuze kufinyelelwe izindlela zokulawula zefomu ezengeziwe ezifana ne-setFormValue() kanye ne-setValidity();
  • Kumodi Yezilingo Zomsuka (izici zokuhlola ezidinga ukwenziwa kusebenze okuhlukile), i-API entsha Yesikhethi Sothintana naye ingeziwe, okuvumela umsebenzisi ukuthi akhethe okufakiwe ebhukwini lamakheli futhi adlulisele imininingwane ethile mayelana nakho kusayithi. Lapho ucela, uhlu lwezakhiwo ezidinga ukutholwa luyanqunywa (isibonelo, igama eligcwele, i-imeyili, inombolo yocingo). Lezi zakhiwo ziboniswa ngokucacile kumsebenzisi, owenza isinqumo sokugcina sokudlulisa idatha noma cha. I-API ingasetshenziswa, ngokwesibonelo, kuklayenti lemeyili yewebhu ukukhetha abamukeli bencwadi ethunyelwe, kuhlelo lokusebenza lewebhu elinomsebenzi we-VoIP ukuqalisa ucingo oluya enombolweni ethile, noma kunethiwekhi yokuxhumana nomphakathi ukucinga abangani asebebhalisiwe. .
    I-Origin Trial isho amandla okusebenza ne-API eshiwo ezinhlelweni ezilandwe ku-localhost noma 127.0.0.1, noma ngemva kokubhalisa nokwamukela ithokheni elikhethekile elisebenza isikhathi esilinganiselwe sesayithi elithile;
  • Kumafomu, isibaluli se-"enterkeyhint" sisetshenzisiwe, esikuvumela ukuthi uchaze ukuziphatha lapho ucindezela ukhiye u-Enter kukhibhodi ebonakalayo. Isibaluli singathatha amanani angene, enziwe, ahambe, alandelayo, adlule, aseshe futhi athumele;
  • Kwengezwe umthetho wesizinda sedokhumenti olawula ukufinyelela esakhiweni se-“document.domain”. Ngokuzenzakalelayo, ukufinyelela kuvunyelwe, kodwa uma kwenqatshwa, umzamo wokushintsha inani elithi “document.domain” uzoholela ephutha;
  • Ikholi ye-LayoutShift yengezwe ku-Performance API ukuze kulandelelwe izinguquko endaweni yezinto ze-DOM esikrinini.
    Usayizi wesihloko se-HTTP esithi “Referer” ukhawulelwe ku-4 KB, uma leli nani leqiwe, okuqukethwe kufinyezwa egameni lesizinda;
  • I-agumenti ye-url kumsebenzi werejistaProtocolHandler() ikhawulelwe ekusebenziseni kuphela izikimu ze-http:// kanye ne-https:// futhi manje ayizivumeli izikimu "zedatha:" kanye "ne-blob:";
  • Kwengezwe ukusekelwa kokufometha kwamayunithi, izimali, imibhalo yesayensi nehlangene endleleni ye-Intl.NumberFormat (isibonelo, "Intl.NumberFormat('en', {style: 'unit', unit: 'meter-per-second'}") ;
  • Kungezwe izici ezintsha ze-CSS ezidlulayo ekuziphatheni-kumugqa kanye ne-overscroll-behavior-block ukuze ulawule ukuziphatha kokuskrola lapho umngcele onengqondo wendawo yokuskrola ufinyelelwa;
  • Indawo ye-CSS emhlophe manje isekela inani lezikhala zezikhala;
  • Abasebenzi Besevisi bangeze ukusekelwa kokuqinisekisa okuyisisekelo kwe-HTTP nokubonisa ibhokisi lengxoxo elijwayelekile lokufaka imingcele yokungena;
  • I-Web MIDI API manje ingasetshenziswa kuphela kumongo wokuxhumana okuphephile (https, ifayela lendawo noma ihosti yasendaweni);
  • I-WebVR 1.1 API imenyezelwe ukuthi isiphelelwe yisikhathi, kwathathelwa indawo i-WebXR Device API, evumela ukufinyelela ezingxenyeni zokudala okungokoqobo okungokoqobo nokungathandwa kwabathelisi esikubona futhi ihlanganisa umsebenzi ngamakilasi ahlukahlukene wamadivayisi, kusukela kuzigqoko zokuzivikela zangempela ezimile kuya kuzixazululo ezisekelwe kumadivayisi eselula.
    Kumathuluzi kanjiniyela, ikhono lokukopisha izakhiwo ze-CSS zenodi ye-DOM ebhodini lokunamathisela lengezwe ngemenyu yokuqukethwe, ebizwa ngokuchofoza kwesokudla endaweni esesihlahleni se-DOM. Isixhumi esibonakalayo sengeziwe (Bonisa Ukunikezela/Isakhiwo Shift Izifunda) ukuze kulandelelwe amashifu esakhiwo ngenxa yokuntuleka kwezimeli zokukhangisa nezithombe (uma kulayishwa isithombe esilandelayo kuhambisa umbhalo phansi uma ubuka). Ideshibhodi yokuhlola ibuyekeziwe ukuze ikhishwe i-Lighthouse 5.1. Kunikwe amandla ukushintshela okuzenzakalelayo kokuthimu emnyama ye-DevTools uma usebenzisa itimu emnyama ku-OS. Kumodi yokuhlola inethiwekhi, ifulegi lengeziwe ukuze kulayishwe insiza evela kunqolobane yokulanda kuqala. Ukwesekwa okwengeziwe kokubonisa imilayezo yohlelo lokusebenza nezaziso kuphaneli yohlelo lokusebenza. Kukhonsoli yewebhu, lapho uhlola kuqala izinto, izinkambu eziyimfihlo zamakilasi manje ziyaboniswa;
  • Enjinini ye-V8 JavaScript, ukugcinwa kwezibalo mayelana nezinhlobo zama-operands asetshenziswa emisebenzini ehlukene kuthuthukisiwe (kukuvumela ukuthi uthuthukise ukusebenza kwale misebenzi ngokucabangela izinhlobo ezithile). Ukuze kuncishiswe ukusetshenziswa kwenkumbulo, amavektha aqaphela uhlobo manje afakwa enkumbulweni kuphela ngemva kokukhishwa kwenani elithile le-bytecode, okuqeda isidingo sokuthuthukisa imisebenzi enesikhathi esifushane sokuphila. Lolu shintsho likuvumela ukuthi ulondoloze u-1-2% wememori enguqulweni yezinhlelo zedeskithophu kanye no-5-6% wamadivayisi eselula;
  • Ukukhula okuthuthukisiwe kokuhlanganiswa kwangemuva kwe-WebAssembly - uma ama-core processor amaningi ohlelweni, inzuzo enkulu evela ekuthuthukisweni okungeziwe. Isibonelo, emshinini we-Xeon wama-24-core, isikhathi sokuhlanganiswa sohlelo lokusebenza lwedemo ye-Epic ZenGarden sinqunywe phakathi;

Ngokungeziwe ezenzweni ezintsha nokulungiswa kweziphazamisi, inguqulo entsha isusa ubungozi obungu-52. Ubungozi obuningi buhlonzwe njengomphumela wokuhlolwa okuzenzakalelayo kusetshenziswa i-AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer kanye namathuluzi e-AFL. Inkinga eyodwa (CVE-2019-5870) imakwe njengebucayi, i.e. ikuvumela ukuthi udlule wonke amazinga okuvikela isiphequluli futhi wenze ikhodi kusistimu engaphandle kwendawo ye-sandbox. Imininingwane emayelana nokuba sengozini okubalulekile ayikadalulwa, kwaziwa kuphela ukuthi ingaholela ekufinyeleleni endaweni yenkumbulo esivele ikhululiwe kukhodi yokucubungula idatha ye-multimedia. Njengengxenye yohlelo lokukhokha imiklomelo yemali ngokuthola ubungozi ekukhishweni kwamanje, i-Google ikhokhele imiklomelo engama-38 ebiza u-$33500 (umklomelo owodwa wama-$7500, imiklomelo emine yama-$3000, imiklomelo emithathu ka-$2000, imiklomelo emine engu-$1000 kanye nemiklomelo eyisishiyagalombili yama-$500). Ubukhulu bemiklomelo engu-18 abukakaziwa.

Source: linux.org.ru

Engeza amazwana