Ukukhishwa kwe-Chrome 79

Google kwethulwe ukukhishwa kwesiphequluli sewebhu I-Chrome 79... Kanyekanye iyatholakala ukukhishwa okuzinzile kwephrojekthi yamahhala Chromium, esebenza njengesisekelo se-Chrome. Isiphequluli se-Chrome okuhlukile ukusetshenziswa kwezimpawu ze-Google, ukuba khona kwesistimu yokuthumela izaziso uma kwenzeka ingozi, ikhono lokulanda imojula ye-Flash uma ucelwa, amamojula wokudlala okuqukethwe kwevidiyo evikelekile (DRM), uhlelo lokufaka ngokuzenzakalelayo izibuyekezo kanye nokudlulisa ngesikhathi sokusesha Izilinganiso ze-RLZ. Ukukhishwa okulandelayo kwe-Chrome 80 kuhlelelwe uFebhuwari 4.

main shintsha в Chrome 79:

• yenziwe yasebenza Ingxenye yokuhlolwa kwephasiwedi, edizayinelwe ukuhlaziya amandla amaphasiwedi asetshenziswa umsebenzisi. Uma uzama ukungena kunoma iyiphi isayithi Ukuhlolwa Kwephasiwedi kuyafeza ukuhlola ukungena ngemvume nephasiwedi ngokumelene nesizindalwazi sama-akhawunti onakalisiwe anesexwayiso uma izinkinga zitholwa (ukuhlola kwenziwa ngokusekelwe kusiqalo se-hashi ohlangothini lomsebenzisi). Ukuhlolwa kwenziwa ngokumelene nesizindalwazi esihlanganisa ama-akhawunti onakalisiwe angaphezu kwezigidigidi ezi-4 avele kuzigcinilwazi zabasebenzisi eziputshuziwe. Isexwayiso siyavezwa futhi uma uzama ukusebenzisa amagama ayimfihlo angathi shu njengokuthi "abc123". Ukuze ulawule ukufakwa Kokuhlolwa Kwephasiwedi, isilungiselelo esikhethekile sisetshenziswe esigabeni esithi "Vumelanisa Nezinsizakalo Ze-Google".
• Ubuchwepheshe obusha bokuthola ubugebengu bokweba imininingwane ebucayi ngesikhathi sangempela buyethulwa. Ngaphambilini, ukuqinisekiswa kwenziwa ngokufinyelela uhlu oluvinjelwe Lokuphequlula Okuphephile olulandwe endaweni, olwalubuyekezwa cishe kanye njalo emizuzwini engu-30, okuvele kunganele, isibonelo, ezimeni zokushintshwa kwesizinda okuvamisile ngabahlaseli. Indlela entsha ikuvumela ukuthi uhlole ama-URL ekuhambeni ngokuhlola kokuqala ngokumelene nabagunyaziwe abahlanganisa ama-hashes ezinkulungwane zamasayithi adumile athembekile. Uma isayithi elivuliwe lingekho ohlwini olumhlophe, isiphequluli sihlola i-URL kuseva ye-Google, sidlulise amabhithi okuqala angu-32 we-SHA-256 hash yesixhumanisi, lapho kukhishwa khona idatha yomuntu siqu. Ngokusho kwe-Google, indlela entsha ingathuthukisa ukusebenza kwezixwayiso kumasayithi amasha obugebengu bokweba imininingwane ebucayi ngo-30%.
• Kwengezwe isivikelo esisebenzayo ngokumelene nokudluliselwa kwemininingwane ye-Google nanoma imaphi amaphasiwedi agcinwe kusiphathi sephasiwedi ngamakhasi obugebengu bokweba imininingwane ebucayi. Uma uzama ukufaka igama-mfihlo elilondoloziwe kusayithi lapho leyo phasiwedi ingavamile ukusetshenziswa, umsebenzisi uzoxwayiswa ngesenzo esingaba yingozi.
• Uxhumano olusebenzisa i-TLS 1.0 no-1.1 manje lubonisa inkomba yokuxhumana engavikelekile. Isekela ngokugcwele i-TLS 1.0 ne-1.1 izokhutshazwa ku-Chrome 81, ihlelelwe uMashi 17, 2020.
• Kwengezwe amandla okufriza amathebhu angasebenzi, okukuvumela ukuthi ukhiphe ngokuzenzakalelayo kumathebhu enkumbulo abengemuva ngaphezu kwamaminithi angu-5 futhi ungenzi izenzo ezibalulekile. Isinqumo mayelana nokufaneleka kwethebhu ethile yokuqandisa senziwa ngokusekelwe ku-heuristics. Ukunika amandla umsebenzi kulawulwa ngefulegi elithi “chrome://flags/#proactive-tab-freeze”.
• Kuvikelekile Ukuvimbela okuqukethwe okuxubile emakhasini kuvulwe nge-HTTPS ukuze kuqinisekiswe ukuthi amakhasi avulwe nge-https:// aqukethe kuphela izinsiza ezilayishwe ngesiteshi sokuxhumana esivikelekile. Noma izinhlobo eziyingozi kakhulu zokuqukethwe okuxubile, njengemibhalo nama-iframe, sezivele zivinjelwe ngokuzenzakalela, izithombe, amafayela alalelwayo namavidiyo asengalandwa nge-http://. Isikhombi sokuqukethwe okuxubile esisetshenziswe ngaphambilini sokufakwa okunjalo sitholwe singasebenzi futhi sidukisa umsebenzisi, ngoba asihlinzeki ngokuhlolwa okucacile kokuvikeleka kwekhasi. Isibonelo, ngokukhwabanisa kwesithombe, umhlaseli angashintsha amakhukhi okulandelela umsebenzisi, azame ukuxhaphaza ubungozi kumaphrosesa wesithombe, noma enze umgunyathi ngokushintsha ulwazi olunikezwe esithombeni. Ukuze ukhubaze ukukhiya kwezingxenye ezixubile, kufakwe isilungiselelo esikhethekile, esingafinyelelwa ngemenyu evela lapho uchofoza uphawu lokukhiya.
• Kwengezwe amandla okuhlola ukwabelana ngokuqukethwe kwebhodi lokunamathisela phakathi kwedeskithophu nezinguqulo zeselula ze-Chrome. Ezimweni ze-Chrome exhunywe ku-akhawunti eyodwa, ungakwazi manje ukufinyelela okuqukethwe ebhodini lokunamathisela lenye idivayisi, okuhlanganisa ukwabelana ngebhodi lokunamathisela phakathi kwesistimu yeselula neyedeskithophu. Okuqukethwe ebhodini lokunamathisela kubethelwe kusetshenziswa ukubethela ngasemaphethelweni, okuvimbela ukufinyelela kumbhalo kumaseva e-Google. Umsebenzi unikwe amandla ngezinketho chrome://flags#shared-clipboard-receiver, chrome://flags#shared-clipboard-ui kanye ne-chrome://flags#sync-clipboard-service.
• Kubha yekheli ngezikhathi ezithile (ngokwesibonelo, lapho ulondoloza iphasiwedi) lapho ukuvumelanisa iphrofayela kuvaliwe, ngaphezu kwe-avatar, igama le-akhawunti yamanje ye-Google liyaboniswa ukuze umsebenzisi akwazi ukukhomba ngokunembile i-akhawunti esebenzayo yamanje.
• Yenzelwe u-1% wabasebenzisi ukwesekwa “I-DNS phezu kwe-HTTPS” (DoH, DNS phezu kwe-HTTPS). Ukuhlolwa kuhilela abasebenzisi kuphela izilungiselelo zabo zesistimu esezibabalulile kakade abahlinzeki be-DNS abasekela i-DoH. Isibonelo, uma umsebenzisi ene-DNS 8.8.8.8 ecaciswe kuzilungiselelo zesistimu, isevisi ye-DoH ye-Google (“https://dns.google.com/dns-query”) izokwenziwa isebenze ku-Chrome; uma i-DNS ithi 1.1.1.1. XNUMX, bese kuba yisevisi ye-DoH Cloudflare (“https://cloudflare-dns.com/dns-query”), njll. Ukuze ulawule ukuthi i-DoH ivuliwe yini, kunikezwa isilungiselelo esithi “chrome://flags/#dns-over-https”. Kusekelwa izindlela ezintathu zokusebenza: zivikelekile, ziyazenzakalela futhi zivaliwe. Kumodi "evikelekile", ababungazi banqunywa kuphela ngokusekelwe kumanani avikelekile agcinwe kunqolobane yangaphambilini (atholwe ngoxhumano oluvikelekile) kanye nezicelo nge-DoH; ukubuyela emuva ku-DNS evamile akusetshenziswa. Kumodi "ezenzakalelayo", uma i-DoH nenqolobane evikelekile ingatholakali, idatha ingabuyiswa kunqolobane engavikelekile futhi ifinyelelwe nge-DNS evamile. Kumodi "yokucisha", inqolobane eyabiwe iqala ihlolwe futhi uma ingekho idatha, isicelo sithunyelwa ngohlelo lwe-DNS.
• Kwengezwe okokuhlola ukwesekwa ukugcinwa kunqolobane kokuqukethwe okunikeziwe lapho ushintsha amakhasi kusetshenziswa izinkinobho zokuya phambili nangemuva, okunganciphisa kakhulu ukubambezeleka phakathi nalolu hlobo lokuzulazula ngenxa yokugcwaliswa kwesikhashana kwekhasi lonke, okungadingi ukuphinda kunikezelwe nokulayishwa kwezinsiza. Ukulungiselelwa kubonakala ikakhulukazi enguqulweni yamadivayisi eselula, lapho ukwanda kokusebenza ngesikhathi sokuzula kufinyelela ku-19%. Imodi inikwe amandla kusetshenziswa inketho ethi “chrome://flags#back-forward-cache”.
• Kususiwe ukusetha okuthi “chrome://flags/#omnibox-ui-hide-steady-state-url-scheme-and-subdomains”, okwenze kwaba nokwenzeka ukubuyisela ukuboniswa kwephrothokholi kubha yekheli (manje zonke izixhumanisi zihlala ziboniswa ngaphandle kokuthi https:// kanye ne-http:/ /, futhi ngaphandle kokuthi “www.”).
• Ukwakhiwa kweWindows kufaka phakathi i-sandboxing yesevisi yokudlala okulalelwayo. Ukuze ulawule ukuthi ukuhlukaniswa kuvuliwe yini, kuhlongozwa indawo ye-AudioSandboxEnabled.
• Amathuluzi okuphatha amaphakathi ezinkampani ahlanganisa ikhono lokuchaza imithetho elawula ukuthi ingakanani inkumbulo engasetshenziswa isiphequluli ngaphambi kokuthi amathebhu angemuva alayishwe. Imemori ekhishwe ngemva kokukhipha ithebhu iyatholakala ukuze isetshenziswe, futhi okuqukethwe kwethebhu kuyalayishwa futhi uma kushintshelwa kuyo.
• I-Linux isebenzisa iphrosesa eyakhelwe ngaphakathi yokuqinisekisa isitifiketi, ethatha indawo yesistimu ye-NSS eyayisetshenziswa ngaphambilini. Kulokhu, iphrosesa eyakhelwe ngaphakathi iyaqhubeka nokusebenzisa isitolo se-NSS ngesikhathi sokuqinisekisa, kodwa ibeka izidingo eziqinile lapho icubungula izitifiketi ezifakwe ikhodi engalungile neziqinisekisiwe ngokwehlukana (zonke izitifiketi kufanele zigunyazwe yiziphathimandla zesitifiketi).
• Kunguqulo yesikhulumi se-Android kwengezwe ikhono lokunikeza izithonjana eziguquguqukayo zezinhlelo zokusebenza zewebhu ezifakiwe ezisebenza ngemodi ye-Progressive Web Apps (PWA). Izithonjana eziguquguqukayo zingajwayelana nesixhumi esibonakalayo esisetshenziswa umkhiqizi wedivayisi, isibonelo, ukuba yindilinga, isikwele, noma amakhona abushelelezi.
• Kwengezwe API Idivayisi ye-WebXR, okunikeza ukufinyelela ezingxenyeni zokudala okungokoqobo nokungathandwa kwabathelisi esikubona. I-API ikuvumela ukuthi uhlanganise umsebenzi ngamakilasi ahlukahlukene wamadivayisi, kusukela kumahedisethi ento engekho ngokoqobo amile afana ne-Oculus Rift, i-HTC Vive ne-Windows Mixed Reality, kuya kuzixazululo ezisekelwe kumadivayisi eselula afana ne-Google Daydream View ne-Samsung Gear VR. Izinhlelo zokusebenza lapho i-API entsha ingase isebenze khona zihlanganisa izinhlelo zokubuka ividiyo ngemodi engu-360°, amasistimu okubona ngeso lengqondo indawo enezinhlangothi ezintathu, ukudala amasinema abonakalayo okwethulwa kwevidiyo, ukwenza izivivinyo ekudaleni ukuxhumana kwe-3D kwezitolo namagalari;
  

• Kumodi Yezilingo Zomsuka (izici zokuhlola ezidinga ukuhlukaniswa ukwenza kusebenze) kuphakanyiswe ama-API amasha ambalwa. I-Origin Trial isho amandla okusebenza ne-API eshiwo ezinhlelweni ezilandwe ku-localhost noma 127.0.0.1, noma ngemva kokubhalisa nokwamukela ithokheni elikhethekile elisebenza isikhathi esilinganiselwe sesayithi elithile.
  • Kuzo zonke izici ze-HTML, isibaluli se-"rendersubtree" siyahlongozwa, esiqinisekisa ukuthi ukuboniswa kwesici se-DOM kulungisiwe. Ukusetha isibaluli kokuthi "okungabonakali" kuzovimbela okuqukethwe kwe-elementi ekunikezelweni noma ukuhlolwa, okuvumela ukunikezwa okuthuthukisiwe. Uma kusethelwe kokuthi "okusebenzayo", isiphequluli sizosusa isibaluli esingabonakali, sinikeze okuqukethwe futhi sikwenze kubonakale.
  • Inketho ye-API eyengeziwe Wake lock ngokusekelwe endleleni Yesethembiso, ehlinzeka ngendlela evikeleke kakhudlwana yokulawula ukukhutshazwa kwezikrini zokukhiya ngokuzenzakalelayo nokushintsha amadivayisi kumamodi okonga amandla.
• Kusetshenziswe ikhono lokusebenzisa isibaluli i-autofocus kuzo zonke izici ze-HTML ne-SVG ezingaba nokugxila kokokufaka.
• Okwezithombe namavidiyo ivikelekile Bala ukubukeka kwe-aspect ratio ngokususelwe Kuzibaluli Zobubanzi noma Zobude, ezingasetshenziswa ukunquma usayizi wesithombe kusetshenziswa i-CSS esigabeni lapho isithombe singakalayishwa (ixazulula inkinga ngokwakha kabusha ikhasi ngemva kokulayishwa kwezithombe).
• Kwengezwe impahla ye-CSS ifonti-optical-sizing, osetha ngokuzenzakalelayo usayizi wefonti oguquguqukayo ezididiyelweni zokubona "opsz", uma ifonti iwasekela. Imodi ikuvumela ukuthi ukhethe umumo weglyph olungile wosayizi othile, isibonelo, sebenzisa ama-glyphs ahluke kakhulu ezihlokweni.
• Kwengezwe impahla ye-CSS uhlobo lwesitayela sohlu, okukuvumela ukuthi usebenzise noma yiziphi izimpawu esikhundleni sezikhathi ezinhlwini, isibonelo, “-“, “+”, “★” kanye “▸”.
• Uma kungenakwenzeka ukwenza i-Worklet.addModule(), into manje ibuyiselwa ngolwazi oluningiliziwe mayelana nohlobo lwephutha, okukuvumela ukuba uhlole ngokunembe kakhudlwana imbangela yephutha (izinkinga ngoxhumo lwenethiwekhi, i-syntax engalungile, njll. .).
• Kumiswe ukucubungula izinto при их перемещении между документами. При переносе между документами также отключено выполнение связанных со скриптом событий «error» и «load».
• Enjinini ye-JavaScript V8 kwenziwe Ukuthuthukiswa kokuphathwa kwezinguquko ekumeleleni kwezinkambu ezintweni, okuholela ekusetshenzisweni kwekhodi ye-AngularJS kuhlelo lokuhlola i-Speedometer egijima ngokushesha ngo-4%.
  

• I-V8 iphinde ithuthukise ukucutshungulwa kwama-getter achazwe kuma-API akhelwe ngaphakathi, njenge-Node.nodeType kanye ne-Node.nodeName, uma singekho isibambi se-IC (inqolobane esemgqeni). Ushintsho lunciphise isikhathi esichithwa ku-IC isikhathi sokusebenza cishe ngo-12% lapho kusetshenziswa ukuhlolwa kwe-Backbone ne-jQuery kusukela ku-Speedometer suite.
  

• Imiphumela ye-OSR (ebizwa ngokuthi i-on-stack replacement) ifakwe kunqolobane, ethatha indawo yekhodi elungiselelwe ngesikhathi sokusebenza (ikuvumela ukuthi uqale ukusebenzisa ikhodi elungiselelwe imisebenzi esebenza isikhathi eside ngaphandle kokulinda ukuthi iphinde isebenze). Ukugcinwa kunqolobane kwe-OSR kwenza kube nokwenzeka ukusebenzisa imiphumela yokuthuthukisa lapho kuqaliswa kabusha umsebenzi, ngaphandle kwesidingo sokudlula ekulungiseni kabusha.
  Kwezinye izivivinyo, ushintsho lwenyuse ukusebenza okuphezulu ngo-5-18%.
  

• Izinguquko kumathuluzi onjiniyela bewebhu:
  Uvele imodi yokulungisa iphutha ukuze kutholwe izizathu zokuvimbela isicelo noma ukuthumela i-Cookie.
  
  • Kubhulokhi enohlu lwe-Cookie, ikhono lokubuka ngokushesha inani le-Cookie ekhethiwe lengezwe ngokuchofoza umugqa othize.
    

  • Kwengezwe ikhono lokulingisa izilungiselelo ezihlukile ze- prefers-color-scheme kanye nemibuzo yemidiya yokuncanyelwayo-encishisiwe (isibonelo, ukuhlola ukuziphatha kwekhasi ngetimu yesistimu emnyama noma imiphumela egqwayizayo ikhutshaziwe).
    

  • Idizayini yethebhu Yokumboza yenziwe yesimanje, okukuvumela ukuthi uhlole ikhodi esetshenzisiwe futhi ayisetshenziswa. Kwengezwe amandla okuhlunga ulwazi ngohlobo lwayo (JavaScript, CSS). Ulwazi lokusetshenziswa kwekhodi luphinde lwengezwe lapho kuboniswa umbhalo owumthombo.
    

  • Kwengezwe amandla okulungisa iphutha lezizathu zokucela insiza ethile yenethiwekhi ngemva kokurekhoda umsebenzi wenethiwekhi (ungabuka umkhondo wekholi yekhodi ye-JavaScript eholele ekulayishweni kwesisetshenziswa).
    

  • Kwengezwe ukulungiselelwa kokuthi “Izilungiselelo > Okuncanyelwayo > Imithombo > Ukuhlehlisa Okuzenzakalelayo” ukuze kunqunywe uhlobo lokuhlehlisa (izikhala noma amathebhu angu-2/4/8) kukhodi eboniswa kuphaneli ye-Console kanye Nemithombo.

Ngokungeziwe ezenzweni ezintsha nokulungiswa kweziphazamisi, inguqulo entsha isusa ubungozi obungu-51. Ubungozi obuningi buhlonzwe njengomphumela wokuhlolwa okuzenzakalelayo kusetshenziswa i-AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer kanye namathuluzi e-AFL. Izinkinga ezimbili (i-CVE-2019-13725, ukufinyelela inkumbulo ekhululiwe kakade kukhodi yokusekelwa kwe-Bluetooth, kanye ne-CVE-2019-13726, ukuchichima kwenqwaba kumphathi wephasiwedi) zimakwe njengezibucayi, i.e. ikuvumela ukuthi udlule wonke amazinga okuvikela isiphequluli futhi wenze ikhodi kusistimu engaphandle kwendawo ye-sandbox. Kungokokuqala ukuthi kukhonjwe izinkinga ezimbili ezibalulekile phakathi komjikelezo wokuthuthukiswa ofanayo ku-Chrome. Ukuba sengozini kokuqala kutholwe abacwaningi abavela ku-Tencent Keen Security Lab kanye kubonisiwe emqhudelwaneni we-Tianfu Cup, kanti owesibili watholwa ngu-Sergei Glazunov ovela ku-Google Project Zero.

Njengengxenye yohlelo lokuklomelisa ngemali yokuthola ubungozi ekukhishweni kwamanje, i-Google ikhokhele imiklomelo engama-37 ebiza u-$80000 (umklomelo owodwa ongu-$20000, umklomelo owodwa ongu-$10000, imiklomelo emibili engu-$7500, imiklomelo emine engu-$5000, umklomelo owodwa ongu-$3000, imiklomelo emibili engu-$2000 kanye no-$1000 $500 imiklomelo). Ubukhulu bemiklomelo engu-15 abukakaziwa.

Source: opennet.ru