Chrome 83 release

Google has introduced the release of the Chrome 83 web browser. At the same time, a stable release of the free Chromium project, which serves as the basis of Chrome, is available. The Chrome browser is distinguished by the use of Google logos, the presence of a system for sending notifications in case of a crash, the ability to download a Flash module on request, modules for playing protected video content (DRM), a system for automatically installing updates, and the transmission of RLZ parameters during search. Because developers moved to working from home during the SARS-CoV-2 coronavirus pandemic, the Chrome 82 release was skipped. The next release, Chrome 84, is scheduled for July 14.

Main changes in Chrome 83:

  • Mass enabling of DNS over HTTPS (DoH) has begun on the systems of users whose system settings specify DNS providers that support DoH (the DoH service of the same DNS provider will be enabled). For example, if a user has DNS 8.8.8.8 specified in the system settings, Google's DoH service (“https://dns.google.com/dns-query”) will be activated in Chrome; if the DNS is 1.1.1.1, then Cloudflare's DoH service (“https://cloudflare-dns.com/dns-query”), and so on. To avoid problems with resolving corporate intranets, DoH is not used when the browser is determined to be running on centrally managed systems. DoH is also disabled when parental control systems are present.
    DoH operation and the choice of DoH provider are controlled through the regular settings.

  • A new design of web form elements has been proposed, optimized for use on touch screens and on systems for people with disabilities. The design was developed by Microsoft as part of the development of the Edge browser and transferred to the main Chromium code base. Previously, some form elements were designed to match operating system elements, and others to match the most popular styles. Because of this, different elements were suited differently to touch screens, systems for people with disabilities, and keyboard control. The goal of the rework was to unify the design of form elements and eliminate style inconsistencies.

  • The design of the "Privacy and security" settings section has been changed, and new security management tools have been added. Settings are now easier to find and easier to understand. Four basic sections are offered, containing tools related to clearing history, managing Cookies and site data, security modes, and prohibitions or permissions tied to specific sites. The user can quickly enable blocking of third-party Cookies for incognito mode or for all sites, or block all Cookies for a specific site. The new design is enabled only on some users' systems; others can activate the settings via “chrome://flags/#privacy-settings-redesign”.

    Site-specific settings are divided into groups: access to location, camera, microphone, notifications, and background data sending. There is also a section with additional settings for blocking JavaScript, images, and redirects on specific sites. The user's last action related to changing permissions is highlighted separately.

  • In incognito mode, blocking of all Cookies set by third-party sites, including advertising networks and web analytics systems, is enabled by default. An extended interface for controlling the setting of Cookies on sites is also provided. For control, the flags “chrome://flags/#improved-cookie-controls” and “chrome://flags/#improved-cookie-controls-for-third-party-cookie-blocking” are provided. After the mode is activated, a new icon appears in the address bar; clicking it shows the number of blocked Cookies and offers an option to disable blocking. You can see which Cookies are allowed and which are blocked for the current site in the “Cookies” section of the context menu, invoked by clicking the padlock symbol in the address bar, or in the settings.

  • The settings offer a new "Safety check" button, which provides a summary of possible security problems, such as the use of compromised passwords, the status of the malicious site check (Safe Browsing), the presence of uninstalled updates, and the detection of malicious add-ons.

  • The password manager has gained the ability to check all saved logins and passwords against a database of compromised accounts, with a warning displayed if problems are found (the check is based on verifying a hash prefix on the user's side; the passwords themselves and their full hashes are not transmitted externally). The check is performed against a database covering more than 4 billion compromised accounts that appeared in leaked user databases. A warning is also displayed when attempting to use trivial passwords such as "abc123".

  • An extended protection mode against dangerous sites (Enhanced Safe Browsing) has been introduced, which activates additional checks to protect against phishing, malicious activity and other threats on the Web. Additional protection is also applied to your Google account and Google services (Gmail, Drive, etc.). Whereas in the regular Safe Browsing mode checks are performed locally using a database periodically loaded onto the client system, in Enhanced Safe Browsing information about pages and downloads is sent in real time to the Google Safe Browsing service for verification on Google's side, which makes it possible to respond to threats right after they are identified, without waiting for the local blocklist to be updated.

    To speed up the work, a preliminary check against allowlists is supported; these include hashes of thousands of popular, trusted sites. If the site being opened is not in the allowlist, the browser checks the URL on Google's server, sending the first 32 bits of the SHA-256 hash of the link, from which personal data has been stripped. According to Google, the new approach can improve the effectiveness of warnings for new phishing sites by 30%.

  • Instead of automatically pinning add-on icons next to the address bar, a new menu has been implemented, indicated by a puzzle icon, which lists all available add-ons and their permissions. After installing an add-on, the user must now explicitly enable pinning of the add-on icon to the panel, at the same time reviewing the permissions granted to the add-on. To make sure the add-on does not get lost, an indicator with information about the new add-on is shown immediately after installation. The new menu is enabled by default for a certain percentage of users; others can enable it using the “chrome://flags/#extensions-toolbar-menu” setting.

  • Added the setting “chrome://flags/#omnibox-context-menu-show-full-urls”; when it is enabled, an “Always show full URL” item appears in the address bar context menu, which prevents URL distortion. Recall that in Chrome 76 the address bar was switched by default to showing links without "https://", "http://" and "www.". There was a setting to disable this behaviour, but in Chrome 79 it was removed and users lost the ability to display the full URL in the address bar.

  • For all users, the tab grouping function (“chrome://flags/#tab-groups”) is enabled, which lets you combine several tabs with similar purposes into visually separated groups. Each group can be assigned its own colour and name. Additionally, an experimental option for collapsing and expanding groups is proposed, which does not yet work on all systems. For example, several unread articles can be temporarily collapsed, leaving only a label, so that they do not take up space during navigation, and returned to their place when you come back to reading. To enable the mode, the “chrome://flags/#tab-groups-collapse” setting is offered.

  • Warnings are enabled by default when attempting an insecure download (without encryption) of executable files via links from HTTPS pages (in Chrome 84, downloads of executable files will be blocked, and the warning will start to be shown for archives). It is noted that downloading files without encryption can be used to carry out malicious activity by substituting content during MITM attacks. File downloads initiated from isolated iframe blocks are also prohibited.
  • When using Adobe Flash, a warning message has been added indicating that support for this technology will end in December 2020.
  • Trusted Types technology has been implemented, which lets you block DOM manipulations that lead to cross-site scripting (DOM XSS), for example, when data received from the user is incorrectly processed in eval() blocks or “.innerHTML” assignments, which can lead to JavaScript code being executed in the context of a specific page. Trusted Types require data to be pre-processed before it is passed to risky functions. For example, when Trusted Types are enabled, executing "anElement.innerHTML = location.href" will result in an error, and the assignment requires the use of special TrustedHTML or TrustedScript objects. Trusted Types are enabled using CSP (Content-Security-Policy).
  • Added the new Cross-Origin-Embedder-Policy and Cross-Origin-Opener-Policy HTTP headers to enable a special cross-origin isolation mode for safe use on the page of privileged operations such as SharedArrayBuffer, Performance.measureMemory() and profiling APIs that can be used to carry out side-channel attacks such as Spectre. The cross-origin isolation mode also does not allow changing the document.domain property.
  • A new implementation of the system for checking access to resources over the network has been proposed: OOR-CORS (Out-Of-Renderer Cross-Origin Resource Sharing). The old implementation could check only the main components of the Blink engine, XHR and the Fetch API, but did not cover HTTP requests made from some internal modules. The new implementation solves this problem.
  • Several new APIs have been added in Origin Trials mode (experimental features requiring separate activation). Origin Trial implies the ability to work with the specified API from applications loaded from localhost or 127.0.0.1, or after registering and receiving a special token that is valid for a limited time for a specific site.
    • The Native File System API, which lets you create web applications that interact with files in the local file system. For example, the new API may be in demand in browser-based integrated development environments and in text, image and video editors. To be able to directly write and read files, use dialogs to open and save files, and navigate directory contents, the application asks the user for a special confirmation;
    • The Performance.measureMemory() method for measuring memory consumption when processing a web application or web page. It can be used to analyse and optimise memory consumption in web applications, as well as to identify regressive growth in memory consumption.
    • The Prioritized Scheduler.postTask() method for scheduling tasks (JavaScript callbacks) with different priority levels (blocking user work, creating visible changes, and background work). You can use the TaskController object to change the priority and cancel tasks.
    • The WebRTC Insertable Streams API, which allows applications to create their own data handlers used when encoding and decoding a WebRTC MediaStreamTrack. For example, the API can be used to provide end-to-end encryption of streams relayed through a transit server.
  • Added the Barcode Detection API for identifying and extracting barcodes in a given image. The API works only on Android devices with Google Play Services installed.
  • Added the color-scheme meta tag, which allows a site to provide full support for a dark theme without using CSS transformations.
  • Added the ability to use JavaScript modules in a shared worker.
  • In IndexedDB, IDBDatabase.transaction() has gained a new
    "durability" argument, which lets you control the flushing of data to the drive. By passing the value "relaxed" instead of the "strict" mode, you can sacrifice reliability for the sake of performance (previously Chrome always flushed data to disk after each write transaction).

  • Added the selector() function to @supports, which lets you detect support for CSS selectors (for example, you can first check that a selector is available before binding CSS styles to it).

    @supports selector(::before) {
      div { background: green; }
    }

  • Added the fractionalSecondDigits property to Intl.DateTimeFormat for configuring the display format of fractional seconds.
  • In the V8 engine, tracking of ArrayBuffer in the garbage collector has been sped up. WebAssembly modules are allowed to request up to 4 GB of memory.
  • New tools for web developers have been added. For example, a mode has appeared for emulating how a page is perceived by people with impaired vision and with various forms of colour blindness. A mode for emulating locale changes has also been added; changing the locale affects the Intl.* API, *.prototype.toLocaleString, navigator.language, Accept-Language, etc.

    A COEP (Cross-Origin Embedder Policy) debugger has been added to the network activity inspection interface, which lets you examine the reasons for blocking the loading of certain resources over the network. Added the cookie-path keyword for filtering requests in which the Cookie is bound to a particular path.

    Added a mode for docking the developer tools to the left side of the screen.

    The interface for tracking long-running JavaScript code has been redesigned.

  • Due to COVID-19, some planned changes have been postponed. For example, the removal of the code for working with FTP has been postponed indefinitely. Disabling support for the TLS 1.0/1.1 protocols has been postponed until the release of Chrome 84. Initial
    support for Client Hints identification (an alternative to User-Agent) has also been postponed until Chrome 84. Work on unifying the User-Agent has been postponed until next year.
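
The partial-hash lookup described in the Enhanced Safe Browsing item above (the same idea the password check item mentions), as an added example that is not Chrome's or Google's code: the client consults a local allowlist, sends only the first 32 bits of the SHA-256 hash, and compares the full hash itself. The URL stripping rule, the sample lists and a server that answers a prefix with matching full hashes are assumptions made for this illustration.

```javascript
const crypto = require('node:crypto');

const sha256hex = (text) => crypto.createHash('sha256').update(text).digest('hex');

// Assumed stripping rule: drop credentials, query string and fragment,
// the URL parts most likely to carry personal data.
function stripUrl(rawUrl) {
  const u = new URL(rawUrl);
  return u.hostname + u.pathname;
}

// Constructed sample data (not real Safe Browsing lists).
const LOCAL_ALLOWLIST = new Set(['example.com/'].map(sha256hex));
const SERVER_UNSAFE = ['phish.example.test/login'].map(sha256hex);

// Simulated server: it only ever sees 8 hex digits (32 bits) and answers
// with every full hash on its list that starts with them.
function serverLookup(prefixHex) {
  return SERVER_UNSAFE.filter((h) => h.startsWith(prefixHex));
}

function checkUrl(rawUrl) {
  const full = sha256hex(stripUrl(rawUrl));
  if (LOCAL_ALLOWLIST.has(full)) {
    return { verdict: 'allowlisted', sent: null }; // nothing leaves the client
  }
  const sent = full.slice(0, 8); // first 32 bits of the SHA-256 hash
  const candidates = serverLookup(sent);
  // The final comparison happens locally, on the full hash.
  return { verdict: candidates.includes(full) ? 'unsafe' : 'unknown', sent };
}

console.log(checkUrl('https://example.com/'));
console.log(checkUrl('https://user:pw@phish.example.test/login?sid=123#top'));
console.log(checkUrl('https://news.example.test/article'));
```

The value in `sent` is everything the simulated server learns about the visited URL, which is the privacy property the item describes.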
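
The Trusted Types item above, as an added example (not code from the Chrome project): a policy that converts untrusted strings before they reach the innerHTML sink, with enforcement switched on by the CSP header shown in the comment. The policy name escape-html and the helper names are assumptions chosen for this illustration.

```javascript
// Enforcement is enabled by the page's response header:
//   Content-Security-Policy: require-trusted-types-for 'script'; trusted-types escape-html
// "escape-html" is a policy name made up for this example.

// Escape HTML metacharacters so the input renders as text, never as markup.
function escapeHTML(input) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(input).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Create the policy where the browser exposes the Trusted Types API.
// Elsewhere (older browsers, Node) return a shim with the same method,
// so callers keep a single code path.
function makePolicy(tt) {
  const rules = { createHTML: escapeHTML };
  if (tt && typeof tt.createPolicy === 'function') {
    return tt.createPolicy('escape-html', rules);
  }
  return rules;
}

const policy = makePolicy(typeof trustedTypes !== 'undefined' ? trustedTypes : null);

// With enforcement on:
//   el.innerHTML = location.href;                     // throws TypeError
//   el.innerHTML = policy.createHTML(location.href);  // accepted (TrustedHTML)
function renderUntrusted(el, value) {
  el.innerHTML = policy.createHTML(value);
  return el.innerHTML;
}
```

Running the policy first in report-only mode (the Content-Security-Policy-Report-Only header) shows which sinks in an existing code base still receive plain strings.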

In addition to new features and bug fixes, the new version eliminates 38 vulnerabilities. Many of the vulnerabilities were identified as a result of automated testing with the AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer and AFL tools. No critical issues were identified that would allow an attacker to bypass all levels of browser protection and execute code on the system outside the sandbox environment. As part of the programme for paying cash rewards for finding vulnerabilities in the current release, Google paid 28 awards worth $76 20000 (one $10000 award, one $7500 award, two $5000 awards, two $3000 awards, two $2000 awards, two $1000 awards, two and eight $500 awards). The size of 7 awards has not yet been determined.

Source: opennet.ru