Chrome 84 released

Google has released the Chrome 84 web browser. At the same time, a stable release of the free Chromium project, which serves as the basis of Chrome, is available. The Chrome browser differs from Chromium in its use of Google logos, a crash reporting system, the ability to download a Flash module on request, modules for playing protected video content (DRM), an automatic update system, and the transmission of RLZ parameters when searching. The next release, Chrome 85, is scheduled for August 25.

Main changes in Chrome 84:

  • Support for the TLS 1.0 and TLS 1.1 protocols has been disabled. To reach a site over a secure channel, the server must offer at least TLS 1.2; otherwise the browser now shows an error. According to Google, about 0.5% of web page loads are still made using outdated TLS versions. The removal follows the recommendations of the IETF (Internet Engineering Task Force). The reason for abandoning TLS 1.0/1.1 is the lack of support for modern cipher suites (for example, ECDHE and AEAD) and the requirement to support legacy ciphers whose reliability is questionable at the current level of computing technology (for example, support for TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, MD5 and SHA-1 is mandatory). A setting that allows reverting to TLS 1.0/1.1 will be kept until January 2021.
  • Insecure (unencrypted) downloads of executable files are now blocked, and additional warnings are shown when archives are downloaded insecurely. Support for downloading files without encryption is planned to be phased out gradually. The blocking is applied because a download over an unencrypted connection can be used for malicious purposes by substituting its content during a MITM attack.
  • Initial support for the Client Hints identifier has been added, developed as an alternative to the User-Agent header. The Client Hints mechanism provides a series of "Sec-CH-UA-*" headers instead of User-Agent, allowing selective delivery of data about particular browser and system parameters (version, platform, etc.) only after the server asks for them. The user gets to decide which parameters are acceptable to deliver and can selectively provide such information to site owners. With Client Hints, the identifier is not transmitted automatically without an explicit request, which makes passive identification impossible (by default only the browser name is exposed). Work on freezing the User-Agent string has been postponed until next year.
  • Work has resumed on enforcing stricter restrictions on cross-site cookie transfer, which had been rolled back because of COVID-19. For non-HTTPS requests, the processing of third-party cookies set when accessing sites outside the current page's domain is no longer allowed. Such cookies are used to track user movement between sites in advertising network code, social network widgets and web analytics systems.

    Recall that cookie transfer is controlled by the SameSite attribute given in the Set-Cookie header, which by default is now treated as "SameSite=Lax", restricting the sending of cookies on cross-site subrequests such as an image request or content loaded through an iframe from another site. Sites can override the default SameSite behaviour by explicitly setting the cookie to SameSite=None. However, SameSite=None can only be set on a cookie in Secure mode (allowed only over HTTPS connections). The change will be rolled out in stages, starting with a small percentage of users and gradually expanding its reach.
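    The following added example (not code from Chrome or from this article) shows the server side of the Client Hints item and the SameSite cookie item above: parsing the low-entropy hints a browser sends without being asked, naming the opt-in header for the rest, and classifying a Set-Cookie header under the Lax-by-default and None-requires-Secure rules. It assumes the Sec-CH-UA value is a Structured Header list of quoted strings with a "v" parameter, that Sec-CH-UA-Mobile is the boolean "?1"/"?0", and that the Accept-CH token names are those of the 2020 draft; the function and constant names are invented for the example.

```javascript
// Added example, not code from Chrome or from the article: the server side of
// the two request-header changes above. Assumptions: Sec-CH-UA is a Structured
// Header list of quoted strings with a "v" parameter, Sec-CH-UA-Mobile is the
// boolean "?1"/"?0", the Accept-CH token names are those of the 2020 draft,
// and the cookie rules are the SameSite defaults the text describes.

// Opt-in for the high-entropy hints. Until the browser has seen this response
// header it sends only Sec-CH-UA and Sec-CH-UA-Mobile (assumed default set).
const ACCEPT_CH = 'UA, UA-Mobile, UA-Platform, UA-Arch, UA-Model, UA-Full-Version';

// Parse  "Chromium";v="84", "Google Chrome";v="84"  into [{ brand, version }].
// Handles backslash escapes inside the quoted strings (used by GREASE brands).
function parseSecChUa(value) {
  const brands = [];
  const re = /"((?:[^"\\]|\\.)*)"(?:;v="((?:[^"\\]|\\.)*)")?/g;
  const unescape = (s) => s.replace(/\\(.)/g, '$1');
  let m;
  while ((m = re.exec(value || '')) !== null) {
    brands.push({ brand: unescape(m[1]), version: m[2] === undefined ? '' : unescape(m[2]) });
  }
  return brands;
}

// What a server learns from one request (header names lower-cased, as Node's
// http module delivers them). High-entropy fields arrive only after Accept-CH
// was sent and honoured, so they are reported as null rather than guessed.
function describeClientHints(headers) {
  const mobile = headers['sec-ch-ua-mobile'];
  const platform = headers['sec-ch-ua-platform'];
  return {
    brands: parseSecChUa(headers['sec-ch-ua']),
    mobile: mobile === undefined ? null : mobile === '?1',
    platform: platform === undefined ? null : platform.replace(/^"|"$/g, ''),
  };
}

// Classify a Set-Cookie header under the rules described above: a missing or
// unrecognised SameSite attribute is treated as Lax, and SameSite=None is
// accepted only together with Secure.
function evaluateSetCookie(header) {
  const [nameValue, ...attrs] = header.split(';').map((p) => p.trim());
  const eqn = nameValue.indexOf('=');
  const name = eqn === -1 ? nameValue : nameValue.slice(0, eqn);
  const attr = new Map();
  for (const a of attrs) {
    if (!a) continue;
    const eq = a.indexOf('=');
    attr.set((eq === -1 ? a : a.slice(0, eq)).toLowerCase(), eq === -1 ? '' : a.slice(eq + 1));
  }
  const secure = attr.has('secure');
  const declared = (attr.get('samesite') || '').toLowerCase();
  const sameSite = ['lax', 'strict', 'none'].includes(declared) ? declared : 'lax';
  if (sameSite === 'none' && !secure) {
    return { name, accepted: false, reason: 'SameSite=None requires Secure; cookie rejected' };
  }
  return {
    name,
    accepted: true,
    sameSite,
    defaulted: declared === '',
    // Only None cookies travel on cross-site subrequests (images, iframes, XHR).
    sentOnCrossSiteSubrequests: sameSite === 'none',
  };
}

// The correct form for a cookie that must work in a third-party context.
function crossSiteCookie(name, value) {
  return `${name}=${value}; Path=/; Secure; HttpOnly; SameSite=None`;
}
```

    One caveat when auditing with this logic: Chrome's Lax-by-default treatment carries a temporary exception for cookies set without a SameSite attribute less than two minutes earlier, which are still sent on top-level cross-site POST requests, so a login flow that relies on that window behaves differently from a cookie that explicitly says SameSite=Lax.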

  • An experimental blocker for resource-heavy ads has been added, which can be enabled via the "chrome://flags/#enable-heavy-ad-intervention" setting. The blocker automatically unloads ad iframes once traffic and CPU limits are exceeded. Blocking is triggered if the main thread consumes more than 60 seconds of CPU time in total or 15 seconds within any 30-second window (i.e. 50% of the CPU for 30 seconds), or when more than 4 MB of data has been downloaded over the network.

    Blocking applies only if the user has not interacted with the ad unit (for example, has not clicked on it) before the limits are exceeded, which, given the traffic limit, means that autoplaying large videos in ads will be blocked unless the user explicitly starts playback. The proposed measures protect users from ads that use inefficient code or perform deliberately malicious work (for example, miners). According to Google's statistics, ads that meet the blocking criteria make up only 0.30% of all ad units, but such placements consume 28% of the CPU resources and 27% of the traffic of all advertising combined.

  • Work has been done to reduce CPU usage when the browser window is not in the user's field of view. Chrome now checks whether the browser window is occluded by other windows and skips drawing pixels in the overlapped areas. The new feature will be rolled out gradually: the optimisation is selectively enabled for some users in Chrome 84, and for the rest in Chrome 85.
  • Protection against intrusive notifications is enabled by default, for example against pestering the user with requests to grant notification permission. Since such requests interrupt the user's work and draw attention away from what is being confirmed in dialogs, instead of a separate dialog an informational notice requiring no user action is now shown in the address bar with a warning that the permission request has been blocked, which is automatically collapsed into an indicator with a crossed-out bell icon. Clicking the indicator lets you grant or deny the requested permission at any convenient time.


  • The user's choice is remembered when opening external protocol handlers: the user can choose "always allow this site" for a particular handler, and the browser will remember this decision for the current site.
  • Additional protection against changing user settings without explicit consent. If an extension changes the default search engine or the page shown in a new tab, the browser now shows a dialog asking you to confirm the action or cancel the change.
  • Protection against loading mixed multimedia content continues (resources loaded on an HTTPS page over the http:// protocol). On pages opened over HTTPS, "http://" links are now automatically rewritten to "https://" in blocks associated with loading images (scripts and iframes were handled earlier; automatic upgrade of audio and video resources is expected in the next release). If an image is not available over https, its download is blocked (the block can be lifted manually through the menu behind the lock icon in the address bar).
  • Support for the Web OTP API (formerly the SMS Receiver API) has been added, which allows a one-time password to be entered on a web page after an SMS message with a verification code is delivered to the Android smartphone on which the browser is running. SMS verification can be used, for example, to confirm the phone number given by the user during registration. Whereas previously the user had to open the SMS application, copy the code to the clipboard, return to the browser and paste it, the new API makes it possible to automate this process and reduce it to a single tap.
  • The Web Animations API for controlling web animation playback has been extended. The new release adds support for composite operations, which let you control how effects are combined, and provides new handlers that are called when content change events occur. The Web Animations API now also supports Promises for describing how an animation is displayed and for better control over how the animation interacts with other features of the application.

  • Several new APIs have been added in Origin Trials mode (experimental features that require separate activation). An Origin Trial makes the given API available to applications loaded from localhost or 127.0.0.1, or, after registration, to a specific site via a special token valid for a limited time.
    • Cookie Store API for service workers to access HTTP cookies, acting as an asynchronous alternative to document.cookie.
    • Idle Detection API for detecting user inactivity, which lets you determine when the user is not interacting with the keyboard/mouse, a screensaver is running, the screen is locked, or work is being done on another monitor. The application is informed of inactivity by a notification sent once a given inactivity threshold is reached.
    • Origin Isolation mode, which lets a developer opt in to stricter isolation of content in a separate process keyed on the origin (domain + port + protocol) rather than the site, at the cost of giving up some legacy features, such as relaxing script isolation via document.domain and calling postMessage() to pass WebAssembly.Module objects. In other words, Origin Isolation lets you organise isolation between separate processes based on the origin of the resource rather than on the site that includes all of the embeds on its pages.
    • WebAssembly SIMD API for using SIMD vector instructions in applications in WebAssembly format. To ensure platform independence, it offers a new 128-bit type that can represent different kinds of packed data, along with several basic vector operations for processing packed data. SIMD lets you increase performance by parallelising data processing and will be useful when compiling native code to WebAssembly. SIMD support can be enabled via the "chrome://flags/#enable-webassembly-simd" setting.
  • The Content Index API has been stabilised and is now shipped outside Origin Trials. It provides metadata about content previously cached by web applications running in Progressive Web Apps (PWA) mode. An application can store various data on the browser side, including images, videos and articles, and use it when the network connection is lost via the Cache Storage and IndexedDB APIs. The Content Indexing API makes it possible to add, find and remove such resources. In the browser, this API is already used to index the list of pages and multimedia available for viewing offline.

  • A stable version of the Wake Lock API based on Promises, which provides a safer way to control suppression of automatic screen locking and of switching the device into power-saving modes.
  • The Android version adds support for application shortcuts, which give quick access to popular common actions in the application. To create shortcuts, simply add elements to the web application manifest in PWA (Progressive Web Apps) format.

  • Web Workers may now use the ReportingObserver API, which lets you define a report-generation handler that is called when deprecated capabilities are accessed. The generated report can be saved, sent to a server, or processed by JavaScript at the developer's discretion.
  • The Resize Observer API has been updated, which lets you attach a handler that receives notifications about size changes of the specified elements on the page. Three new properties have been added to ResizeObserverEntry: contentBoxSize, borderBoxSize and devicePixelContentBoxSize, providing more detailed information returned as an array of ResizeObserverSize objects.
  • The "revert" keyword has been added to reset an element's style property to its default value.
  • The prefix has been dropped from the CSS properties "-webkit-appearance" and "-webkit-ruby-position", which are now available as "appearance" and "ruby-position".
  • JavaScript now supports marking class methods and accessors as private, after which they can be accessed only from inside the class (previously only fields could be private). To mark a method or accessor as private, prefix its name with the "#" character.
  • JavaScript adds support for weak references (WeakRef) to objects, which let you keep a reference to an object without preventing the garbage collector from removing it. Support for finalizers (FinalizationRegistry) has also been added, which makes it possible to define a handler that is called after the specified object has been garbage collected.
  • Startup of WebAssembly applications has been sped up thanks to the implementation of atomic instructions and bulk memory operations in the Liftoff baseline compiler. WebAssembly debugging tools have been improved; debugging performance has been significantly improved when using breakpoints (previously the interpreter was used for debugging; now the Liftoff compiler is).
  • The web developer tools (https://developers.google.com/web/updates/2020/05/devtools) have an updated performance analysis panel. General information about the TBT (Total Blocking Time) metric has been added, which shows how long a page appears available but actually is not (i.e. the page has already been rendered, but execution on the main thread is still blocked and input is not possible). A new Experience section has been added for analysing the CLS (Cumulative Layout Shift) metric, which shows the visual stability of content. The CSS style inspection panel provides previews of images specified by the "background-image" property.

In addition to new features and bug fixes, the new version eliminates 38 vulnerabilities. Many of them were identified through automated testing with the AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer and AFL tools. One issue (CVE-2020-6510, a buffer overflow in the background fetch handler) is marked as critical, i.e. it allows bypassing all browser protection levels and executing code on the system outside the sandbox environment. As part of the cash bounty programme for vulnerabilities found in the current release, Google paid 26 rewards totalling $21,500 (two $5,000 rewards, two $3,000 rewards, one $2,000 reward, two $1,000 rewards and three $500 rewards). The amounts of 16 rewards have not yet been determined.

Source: opennet.ru
