Google
-
Yaqala ukufakwa kwenqwabaI-DNS ngemodi ye-HTTPS (DoH, DNS phezu kwe-HTTPS) kumasistimu omsebenzisi lawo izilungiselelo zawo zesistimu zicacisa abahlinzeki be-DNS abasekela i-DoH (i-DoH yomhlinzeki ofanayo we-DNS izonikwa amandla). Isibonelo, uma umsebenzisi ene-DNS 8.8.8.8 ecaciswe kuzilungiselelo zesistimu, isevisi ye-DoH ye-Google (“https://dns.google.com/dns-query”) izokwenziwa isebenze ku-Chrome; uma i-DNS ithi 1.1.1.1. XNUMX, bese kuba yisevisi ye-DoH Cloudflare (“https://cloudflare-dns.com/dns-query”), njll. Ukuze kuqedwe izinkinga ekuxazululeni ama-intranethi ezinkampani, i-DoH ayisetshenziswa uma kunqunywa ukusetshenziswa kwesiphequluli kumasistimu aphethwe emaphakathi. I-DoH iphinde ingasebenzi uma izinhlelo zokulawula zabazali zikhona.
Ukulawula ukusebenza kwe-DoH kanye nokushintsha umhlinzeki we-DoH kwenziwa nge-configurator ejwayelekile. - Kuphakanyisiwe
okusha imvumeizakhi amafomu ewebhu alungiselelwe ukusetshenziswa ezikrinini zokuthinta kanye nezinhlelo zabantu abakhubazekile. Idizayini yathuthukiswa yi-Microsoft njengengxenye yokuthuthukiswa kwesiphequluli se-Edge futhi yadluliselwa kusisekelo sekhodi ye-Chromium eyinhloko. Ngaphambilini, ezinye izakhi zefomu zaziklanyelwe ukufanisa izici zesistimu yokusebenza, futhi ezinye zaziklanyelwe ukufanisa izitayela ezidume kakhulu. Ngenxa yalokhu, ama-elementi ahlukene ayefaneleka ngendlela ehlukile ezikrinini zokuthintwa, amasistimu abakhubazekile, nezilawuli zekhibhodi. Inhloso yokusebenza kabusha kwakuwukuhlanganisa ukuklanywa kwezakhi zefomu nokuqeda ukungahambisani kwesitayela. - Idizayini yesigaba sezilungiselelo "Zobumfihlo Nokuphepha" ishintshiwe.
kwengezwe amathuluzi amasha okuphatha ukuphepha. Izilungiselelo manje zitholakala kalula futhi kulula ukuziqonda. Izigaba ezine eziyisisekelo zinikezwa, eziqukethe amathuluzi ahlobene nokusula umlando, ukuphatha Amakhukhi nedatha yesayithi, izindlela zokuphepha nokuvinjelwa noma izimvume eziboshelwe kumasayithi athile. Umsebenzisi angavumela ngokushesha ukuvinjwa kwamakhukhi enkampani yangaphandle kumodi ye-incognito noma wonke amasayithi, noma avimbe wonke amakhukhi kusayithi elithile. Idizayini entsha inikwe amandla kuphela kumasistimu abanye abasebenzisi; abanye bangenza izilungiselelo zisebenze nge-“chrome://flags/#privacy-settings-redesign”.Izilungiselelo eziqondene nesayithi zihlukaniswe ngamaqembu - ukufinyelela indawo, ikhamera, imakrofoni, izaziso kanye nokuthunyelwa kwedatha yangemuva. Kukhona nesigaba esinezilungiselelo ezengeziwe zokuvimbela i-JavaScript, izithombe nokuqondisa kabusha kumasayithi athile. Isenzo sokugcina somsebenzisi esihlotshaniswa nokushintsha kwezimvume sigqanyiswa ngokwehlukana.
- Kumodi ye-incognito, ngokuzenzakalelayo, ukuvinjwa kwawo wonke Amakhukhi asethwe amasayithi ezinkampani zangaphandle, okuhlanganisa amanethiwekhi okukhangisa nezinhlelo zewebhu zokuhlaziya, kunikwe amandla. Kuphinde kunikezwe isixhumi esibonakalayo esinwetshiwe sokulawula ukufakwa kwamakhukhi kuwebhusayithi. Ukuze ulawule, kunikezwe amafulegi okuthi “chrome://flags/#improved-cookie-controls” kanye ne-“chrome://flags/#improved-cookie-controls-for-third-party-cookie-blocking”. Ngemuva kokuvula imodi, isithonjana esisha siyavela kubha yekheli; lapho uchofoza kuso, inani lamakhukhi avinjiwe liyaboniswa futhi kunikezwa inketho yokukhubaza ukuvinjwa. Ungabona ukuthi imaphi Amakhukhi avunyelwe futhi avinjiwe kusayithi lamanje esigabeni esithi “Amakhukhi” semenyu yokuqukethwe, ebizwa ngokuchofoza uphawu lwengidi kubha yekheli, noma kuzilungiselelo.
- Izilungiselelo zinikeza inkinobho entsha ethi "Ukuhlola ukuphepha", ehlinzeka ngesifinyezo sezinkinga zokuphepha ezingaba khona, njengokusetshenziswa kwamagama ayimfihlo okonakalisiwe, isimo sokuhlola amasayithi anonya (Ukuphequlula Okuphephile), ukuba khona kwezibuyekezo ezingakhishiwe kanye nokuhlonzwa kwesengezo esinonya. -izinto.
- Umphathi wephasiwedi wengeze amandla
проверки wonke ama-logins nama-password agciniwe asuka ku-database yama-akhawunti onakalisiwe anesexwayiso esiboniswa uma izinkinga zitholwa (ukuhlola kwenziwa ngokusekelwe ekuhloleni isiqalo se-hashi ngasohlangothini lomsebenzisi; amagama ayimfihlo ngokwawo kanye nama-hashi awo agcwele awadluliselwa ngaphandle). Ukuhlolwa kwenziwa ngokumelene nesizindalwazi esihlanganisa ama-akhawunti onakalisiwe angaphezu kwezigidigidi ezi-4 avele kuzigcinilwazi zabasebenzisi eziputshuziwe. Isexwayiso siyavezwa futhi uma uzama ukusebenzisa amagama ayimfihlo angathi shu njengokuthi "abc123". -
Kuthunyelwe ngu- imodi yokuvikela enwetshiwe kumasayithi ayingozi (Ukuphequlula Okuphephile Okuthuthukisiwe), okwenza kusebenze ukuhlola okwengeziwe ukuze kuvikelwe ebugebengwini bobugebengu bokweba imininingwane ebucayi, imisebenzi enonya nezinye izinsongo kuwebhu. Ukuvikela okwengeziwe kuphinde kusetshenziswe ku-akhawunti yakho ye-Google namasevisi e-Google (i-Gmail, iDrayivu, njll.). Uma kumodi Yokuphequlula Okuphephile evamile ukuhlolwa kwenziwa endaweni kusetshenziswa isizindalwazi esilayishwa ngezikhathi ezithile ohlelweni lweklayenti, bese kokuthi Ulwazi Lokuphequlula Okuthuthukisiwe olumayelana namakhasi nokulandiwe ngesikhathi sangempela luthunyelwa kusevisi Yokuphequlula Okuphephile ye-Google ukuze kuqinisekiswe ngasohlangothini lwe-Google, okuyinto ikuvumela ukuthi uphendule ngokushesha ezinsongweni ngokushesha ngemuva kokukhonjwa, ngaphandle kokulinda ukuthi uhlu oluvinjelwe lwasendaweni lubuyekezwe.Ukusheshisa umsebenzi, isekela ukuhlolwa kwangaphambili ngokumelene nabagunyaziwe, okufaka phakathi ama-hashes ezinkulungwane zamasayithi adumile, athembekile. Uma isayithi elivuliwe lingekho ohlwini olumhlophe, isiphequluli sihlola i-URL kuseva ye-Google, sidlulise amabhithi okuqala angu-32 we-SHA-256 hash yesixhumanisi, lapho kukhishwa khona idatha yomuntu siqu. Ngokusho kwe-Google, indlela entsha ingathuthukisa ukusebenza kwezixwayiso kumasayithi amasha obugebengu bokweba imininingwane ebucayi ngo-30%.
- Esikhundleni sokuphina ngokuzenzakalelayo izithonjana zezengezo eduze kwebha yekheli, kusetshenziswe imenyu entsha, eboniswa isithonjana sendida, esibala zonke izengezo ezitholakalayo namandla azo. Ngemva kokufaka isengezo, umsebenzisi manje kufanele anike amandla ngokusobala isithonjana sokungeza ukuze siphinwe kuphaneli, ngesikhathi esifanayo ehlola izimvume ezinikezwe isengezo. Ukuqinisekisa ukuthi isengezo asilahleki, ngokushesha ngemva kokufaka inkomba iyavezwa enolwazi mayelana nesengezo esisha. Imenyu entsha inikwe amandla ngokuzenzakalela kumaphesenti athile abasebenzisi, abanye bangayinika amandla ngokusebenzisa ukulungiselelwa kwe-“chrome://flags/#extensions-toolbar-menu”.
- Kwengezwe isilungiselelo esithi “chrome://flags/#omnibox-context-menu-show-full-urls”, uma sinikwe amandla, into ethi “Bonisa njalo i-URL egcwele” ivela kumongo wemenyu yebha yekheli, evimbela ukuhlanekezela kwe-URL. Masikhumbule ukuthi ku-Chrome 76 ibha yekheli yahunyushwa ngokuzenzakalelayo ukuze kuboniswe izixhumanisi ngaphandle kokuthi "https://", "http://" kanye no-"www.". Kube khona ukulungiselelwa ukukhubaza lokhu kuziphatha, kodwa ku-Chrome 79 kwasuswa futhi abasebenzisi balahlekelwa amandla okubonisa i-URL egcwele kubha yekheli.
- Kubo bonke abasebenzisi, umsebenzi wokuqoqa ithebhu (“chrome://flags/#tab-groups”) unikwe amandla, okukuvumela ukuthi uhlanganise amathebhu amaningana anezinjongo ezifanayo ube amaqembu ahlukaniswe ngokubonakalayo. Iqembu ngalinye linganikezwa umbala walo kanye negama. Ukwengeza, inketho yokuhlola yokugoqa kanye namaqembu anwetshiwe ihlongoziwe, engakasebenzi kuwo wonke amasistimu. Isibonelo, izindatshana ezimbalwa ezingafundiwe zingagoqeka okwesikhashana, kushiye ilebula kuphela ukuze zingathathi isikhala lapho zizulazula, futhi zibuyele endaweni yazo lapho zibuyela ekufundeni. Ukuze unike amandla imodi, isilungiselelo esiphakanyisiwe sithi “chrome://flags/#tab-groups-collapse”.
- Izexwayiso zinikwa amandla ngokuzenzakalela uma uzama ukwenza kanjalo
ibhuthi engaphephile (ngaphandle kokubethela) amafayela asebenzisekayo ngezixhumanisi ezivela emakhasini e-HTTPS (ku-Chrome 84, ukulandwa kwamafayela asebenzisekayo kuzovinjelwa, futhi isexwayiso sizoqala ukukhishwa ezingoboni zomlando). Kuyaphawulwa ukuthi ukulanda amafayela ngaphandle kokubethela kungasetshenziswa ukwenza umsebenzi omubi ngokufaka esikhundleni okuqukethwe ngesikhathi sokuhlaselwa kwe-MITM. Futhiakuvunyelwe ukulandwa kwamafayela okuqaliswe kumabhulokhi e-iframe angawodwa. - Uma usebenzisa i-Adobe Flash, umlayezo oyisixwayiso ungeziwe obonisa ukuthi ukusekelwa kwalobu buchwepheshe kuzophela ngoDisemba 2020.
- Ubuchwepheshe buqalisiwe
Izinhlobo ezethenjwayo , okukuvumela ukuthi uvimbele ukukhohlisa kwe-DOM okuholela ekubhalweni kwe-cross-site (DOM XSS), isibonelo, lapho ucubungula ngokungalungile idatha etholwe kumsebenzisi kumabhulokhi eval() noma okufakwayo kokuthi “.innerHTML”, okungaholela ekutheni ikhodi ye-JavaScript ibe yenziwe kumongo wekhasi elithile. Izinhlobo ezithenjwayo zidinga ukucutshungulwa kwangaphambili kwedatha ngaphambi kokuyidlulisela emisebenzini eyingozi. Isibonelo, uma izinhlobo ezithenjiwe zinikwa amandla, ukwenza okuthi "anElement.innerHTML = location.href" kuzoholela ephutheni futhi kudinga ukusetshenziswa kwezinto ezikhethekile ze-TrustedHTML noma i-TrustedScript lapho wabiwa. Ukunika amandla Izinhlobo Ezithenjwayo kwenziwa kusetshenziswa i-CSP (Content-Security-Policy). -
Kwengeziwe izihloko ezintsha ze-Cross-Origin-Embedder-Policy kanye ne-Cross-Origin-Opener-Policy HTTP ukuze unike amandla imodi ekhethekile yokuhlukanisa imvelaphi ukuze kusetshenziswe okuphephile ekhasini lemisebenzi eyilungelo efana ne-SharedArrayBuffer, Performance.measureMemory() kanye nama-API wokuphrofayilila angenziwa esetshenziselwa ukuhlasela iziteshi eziseceleni njengeSpecter. Imodi yokuhlukanisa imvelaphi ehlukene futhi ayikuvumeli ukuthi uguqule isakhiwo se-document.domain. - Kuhlongozwa ukuqaliswa okusha kwesistimu yokuhlola ukufinyelela ezinsizeni ngenethiwekhi - OOR-CORS (Out-Of-Renderer Cross-Origin Resource Sharing). Ukuqaliswa okudala kungahlola kuphela izingxenye eziyinhloko zenjini ye-Blink, i-XHR kanye ne-Fetch API, kodwa akuzange kufake izicelo ze-HTTP ezenziwe kwamanye amamojula angaphakathi. Ukuqaliswa okusha kuxazulula le nkinga.
- Ama-API amaningana amasha engeziwe kumodi ye-Origin Trials (izici zokuhlola ezidinga ukwenziwa kusebenze okuhlukile). I-Origin Trial isho amandla okusebenza ne-API eshiwo ezinhlelweni ezilandwe ku-localhost noma 127.0.0.1, noma ngemva kokubhalisa nokwamukela ithokheni elikhethekile elisebenza isikhathi esilinganiselwe sesayithi elithile.
- API
Isistimu Yefayela Yomdabu , okukuvumela ukuthi udale izinhlelo zokusebenza zewebhu ezisebenzisana namafayela ohlelweni lwamafayela wendawo. Isibonelo, i-API entsha ingase idingeke ezindaweni ezihlanganisiwe zokuthuthukiswa okusekelwe kusiphequluli, umbhalo, izithombe nabahleli bevidiyo. Ukuze ukwazi ukubhala ngokuqondile nokufunda amafayela, sebenzisa izingxoxo ukuze uvule futhi ulondoloze amafayela, kanye nokuzulazula ngokuqukethwe kwezinkomba, uhlelo lokusebenza lucela umsebenzisi ukuqinisekiswa okukhethekile; - Indlela
I-Performance.measureMemory() ukulinganisa ukusetshenziswa kwememori lapho ucubungula uhlelo lokusebenza lewebhu noma ikhasi lewebhu. Ingasetshenziselwa ukuhlaziya nokuthuthukisa ukusetshenziswa kwenkumbulo ezinhlelweni zokusebenza zewebhu, kanye nokuhlonza ukwanda okuhlehlayo kokusetshenziswa kwenkumbulo. - Indlela
I-Scheduler.postTask() Ebekwe Eqhulwini imisebenzi yokuhlela (i-JavaScript callbacks) enamazinga ahlukene abalulekile (ivimba umsebenzi wabasebenzisi, idale izinguquko ezibonakalayo nomsebenzi wangemuva). Ungasebenzisa into ye-TaskController ukuze uguqule okubalulekile futhi ukhansele imisebenzi. - API
I-WebRTC Insetable Streams , okuvumela izinhlelo zokusebenza ukuthi zenze izibambi zazo zedatha ezisetshenziswa lapho kufakwa ikhodi futhi kukhishwa amakhodi I-WebRTC MediaStreamTrack. Isibonelo, i-API ingasetshenziselwa ukunikeza ukubethela ngasemaphethelweni kwemifudlana esakazwa ngeseva yezokuthutha.
- API
- I-API eyengeziwe
Ukutholwa kwebhakhodi ukukhomba nokukhipha amabhakhodi esithombeni esithile. I-API isebenza kuphela kumadivayisi e-Android ane-Google Play Services efakiwe. - Kwengezwe i-meta tag
uhlelo lombala , okuvumela isayithi ukuthi linikeze ukusekela okugcwele kwetimu emnyama ngaphandle kokusebenzisa ukuguqulwa kwe-CSS. - Kwengezwe amandla okusebenzisa amamojula e-JavaScript ku
isisebenzi esihlanganyelwe . - Ku-IndexedDB
IBDDatabase.transaction() impikiswano entsha yengeziwe
"ukuqina", okuvumela ukuthi ulawule ukusetha kabusha idatha kudrayivu. Ngokudlulisa inani "elikhululekile" esikhundleni semodi "eqinile", ungadela ukwethembeka ngenxa yokusebenza (ngaphambilini i-Chrome yayihlala ishintsha idatha kudiski ngemva kokubhala okwenziwayo ngakunye). - Kungezwe umsebenzi othi @supports ku-selector() ukukuvumela ukuthi uthole ubukhona bezikhethi ze-CSS (isibonelo, ungakwazi ukuhlola kuqala ukutholakala kwesikhethi ngaphambi kokubopha izitayela ze-CSS kuso).
@isekela isikhethi(::ngaphambili) {
div {ingemuva: eluhlaza };
} - Nge-Intl.DateTimeFormat
kwengezwe Isici se-fractionalSecondDigits ukuze ulungiselele ifomethi yokubonisa yamasekhondi engxenye. - injini v8
usheshisiwe ukulandelela i-ArrayBuffer kumqoqi wezibi. Amamojula e-WebAssembly avunyelwe ukucela kufikela ku-4 GB wememori. -
Kwengeziwe amathuluzi amasha onjiniyela bewebhu. Isibonelo, imodi ibonakala ilingisa umbono wekhasi ngabantu abangaboni kahle kanye nezinhlobo ezahlukene zokungaboni umbala. Imodi yokulingisa izinguquko zesifunda nayo yengeziwe, ukushintsha okuthinta i-API Intl.*, *.prototype.toLocaleString, navigator.language, Accept-Language, njll.I-COEP (Cross-Origin Embedder Policy) isilungisimaphutha sengezwe kusixhumi esibonakalayo sokuhlola umsebenzi wenethiwekhi, okukuvumela ukuthi uhlole izizathu zokuvimbela ukulayishwa kwezinsiza ezithile kunethiwekhi. Kwengezwe igama elingukhiye lendlela yekhukhi ukuze kuhlungwe izicelo lapho i-Cookie iboshelwe kokuthile
izindlela .Kwengezwe imodi yokuphina yamathuluzi kanjiniyela ohlangothini lwesobunxele lwesikrini.
Isixhumi esibonakalayo sokulandelela ikhodi ye-JavaScript esebenze isikhathi eside siklanywe kabusha.
- Ngenxa ye-COVID-19, ezinye izinguquko ezihleliwe zihlehlisiwe. Ngokwesibonelo,
ukususwa ikhodi yokusebenza ne-FTPihlelwe kabusha kuze kube phakade.Ukuxhuma ukwesekwa kwemithetho elandelwayo ye-TLS 1.0/1.1kuhlehlisiwe ngaphambi kokukhishwa kwe-Chrome 84. Ekuqaleni
ukusekela okokuhlonza Amacebo Eklayenti (okuhlukile kokuthi Umenzeli Womsebenzisi) futhikuhlehlisiwe kuze kufike ku-Chrome 84. SebenzaUkuhlanganiswa komenzeli womsebenzisi kuhlehliselwe unyaka ozayo.
Ngokungeziwe ezenzweni ezintsha nokulungiswa kweziphazamisi, inguqulo entsha iyaqeda
Source: opennet.ru