I-ProHoster > Блог > izindaba ze-inthanethi > Ukukhishwa kwe-Chrome 93

Ukukhishwa kwe-Chrome 93

I-Google iveze ukukhishwa kwesiphequluli sewebhu se-Chrome 93. Ngesikhathi esifanayo, ukukhululwa okuzinzile kwephrojekthi yamahhala ye-Chromium, esebenza njengesisekelo se-Chrome, kuyatholakala. Isiphequluli se-Chrome sihlukaniswa ngokusetshenziswa kwezimpawu ze-Google, ukuba khona kwesistimu yokuthumela izaziso uma kwenzeka ingozi, amamojula okudlala okuqukethwe kwevidiyo evikelwe (DRM), isistimu yokufaka ngokuzenzakalelayo izibuyekezo, nokudlulisa amapharamitha e-RLZ lapho usesha. Ukukhishwa okulandelayo kwe-Chrome 94 kuhlelelwe uSepthemba 21 (ukuthuthukiswa kuhanjiswe emjikelezweni wokukhishwa wamaviki ama-4).

Izinguquko ezibalulekile ku-Chrome 93:

  • Idizayini yebhulokhi enolwazi lwekhasi (ulwazi lwekhasi) lwenziwe lwakamuva, lapho usekelo lwamabhulokhi afakwe esidlekeni luye lwasetshenziswa, futhi izinhlu zokudonsela phansi ezinamalungelo okufinyelela zithathelwe indawo amaswishi. Uhlu luqinisekisa ukuthi ulwazi olubaluleke kakhulu luboniswa kuqala. Ushintsho alunikiwe amandla kubo bonke abasebenzisi; ukuze ulwenze lusebenze, ungasebenzisa ukulungiselelwa kwe-“chrome://flags/#page-info-version-2-desktop”.
    Ukukhishwa kwe-Chrome 93
  • Ngephesenti elincane labasebenzisi, njengokuhlola, inkomba yokuxhumana evikelekile kubha yekheli yathathelwa indawo uphawu oluphakathi nendawo olungabangeli ukutolika okukabili (isikhiya sithathelwe indawo ngophawu “V”). Ngoxhumo olusungulwe ngaphandle kokubethela, inkomba "engavikelekile" iyaqhubeka nokuboniswa. Isizathu esicashuniwe sokushintsha inkomba ukuthi abasebenzisi abaningi bahlobanisa inkomba ye-padlock neqiniso lokuthi okuqukethwe kwesayithi kungathenjwa, kunokukubona njengophawu lokuthi uxhumano lubethelwe. Uma sibheka inhlolovo ye-Google, abasebenzisi abangu-11% kuphela abaqonda incazelo yesithonjana esinokhiye.
    Ukukhishwa kwe-Chrome 93
  • Uhlu lwamathebhu asanda kuvalwa manje lubonisa okuqukethwe kwamaqembu avaliwe amathebhu (ngaphambilini uhlu luvele lubonise igama leqembu ngaphandle kokuchaza okuqukethwe) ngamandla okubuyisela kokubili iqembu kanye namathebhu ngamanye eqenjini ngesikhathi esisodwa. Isici asinikiwe amandla kubo bonke abasebenzisi, ngakho-ke ungase udinge ukushintsha ukulungiselelwa kwe-"chrome://flags/#tab-restore-sub-menus" ukuze uyinike amandla.
    Ukukhishwa kwe-Chrome 93
  • Emabhizinisini, izilungiselelo ezintsha zifakiwe: DefaultJavaScriptJitSetting, JavaScriptJitAllowedForSites kanye ne-JavaScriptJitBlockedForSites, ekuvumela ukuthi ulawule imodi ye-JIT-less, evimbela ukusetshenziswa kokuhlanganiswa kwe-JIT lapho kusetshenziswa i-JavaScript (kusetshenziswe umhumushi we-Ignition kuphela) kanye nokwenqatshelwa kokwenziwayo. inkumbulo ngesikhathi sokwenziwa kwekhodi. Ukukhubaza i-JIT kungaba usizo ekuthuthukiseni ukuvikeleka kokusebenza nezinhlelo zokusebenza zewebhu ezingaba yingozi ngezindleko zokunciphisa ukusebenza kwe-JavaScript cishe ngo-17%. Kuyaphawuleka ukuthi iMicrosoft iye yadlulela phambili futhi yasebenzisa imodi yokuhlola ethi “Super Duper Secure” esipheqululini se-Edge, evumela umsebenzisi ukuthi akhubaze i-JIT futhi enze kusebenze izindlela zokuphepha zehadiwe ezingahambisani ne-JIT CET (Controlflow-Enforcement Technology), ACG (Arbitrary I-Code Guard) kanye ne-CFG (I-Control Flow Guard) yezinqubo zokucubungula okuqukethwe kwewebhu. Uma ukuhlolwa kuvela kuphumelele, singalindela ukuthi kudluliselwe engxenyeni enkulu ye-Chrome.
  • Ikhasi lethebhu elisha linikeza uhlu lwamadokhumenti adume kakhulu alondolozwe ku-Google Drayivu. Okuqukethwe kohlu kuhambelana nesigaba Esibalulekile ku-drive.google.com. Ukuze ulawule ukuboniswa kokuqukethwe kwe-Google Drayivu, ungasebenzisa i-“chrome://flags/#ntp-modules” kanye nezilungiselelo ze-“chrome://flags/#ntp-drive-module”.
    Ukukhishwa kwe-Chrome 93
  • Amakhadi olwazi olusha engeziwe ekhasini elivuliwe lethebhu entsha ukuze akusize uthole okuqukethwe okusanda kubukwa kanye nolwazi oluhlobene. Amakhadi aklanyelwe ukwenza kube lula ukuqhubeka nokusebenza ngolwazi ukubukwa kwalo okuphazanyiswe, isibonelo, amakhadi azokusiza ukuthi uthole iresiphi yesidlo esisanda kutholakala ku-inthanethi kodwa salahleka ngemva kokuvala ikhasi, noma ukuqhubeka nokwenza. ukuthenga ezitolo. Njengokuhlolwa, abasebenzisi banikezwa amamephu amasha amabili: “Amaresiphi” (chrome://flags/#ntp-recipe-tasks-module) okusesha amaresiphi okupheka nokubonisa izindlela zokupheka ezisanda kubukwa; “Ukuthenga” (chrome://flags/#ntp-chrome-cart-module) ngezikhumbuzi mayelana nemikhiqizo ekhethwe ezitolo ze-inthanethi.
  • Inguqulo ye-Android yengeza usekelo lokuzikhethela lwephaneli yosesho eqhubekayo (chrome://flags/#continuous-search), ekuvumela ukuthi ugcine imiphumela yosesho yakamuva ye-Google ibonakala (iphaneli iyaqhubeka nokubonisa imiphumela ngemva kokuthuthela kwamanye amakhasi).
    Ukukhishwa kwe-Chrome 93
  • Imodi yesilingo yokwabelana ngekhwothi yengezwe enguqulweni ye-Android (chrome://flags/#webnotes-stylize), ekuvumela ukuthi ulondoloze isiqeshana esikhethiwe sekhasi njengesicaphuni futhi wabelane ngaso nabanye abasebenzisi.
  • Lapho ushicilela izengezo ezintsha noma izibuyekezo zenguqulo eSitolo Sewebhu Se-Chrome, ukuqinisekiswa konjiniyela okunezici ezimbili manje kuyadingeka.
  • Abasebenzisi be-akhawunti ye-Google banenketho yokulondoloza ulwazi lokukhokha ku-akhawunti yabo ye-Google.
  • Kumodi ye-incognito, uma inketho yokusula idatha yokuzulazula yenziwe yasebenza, ibhokisi lengxoxo elisha lokuqinisekisa ukusebenza selisetshenzisiwe, elichaza ukuthi ukusula idatha kuzovala iwindi futhi kuqede zonke izikhathi ngemodi ye-incognito.
  • Ngenxa yokuhlonzwa kokungahambisani ne-firmware yamanye amadivaysi, ukusekelwa kwendlela entsha yesivumelwano engukhiye engezwe ku-Chrome 91, ukumelana nokuqagela kumakhompyutha we-quantum, okusekelwe ekusetshenzisweni kwesandiso se-CECPQ1.3 (Combined Elliptic-Curve kanye ne-Post-Quantum 2) I-TLSv2, ihlanganisa indlela yokushintshisana ebalulekile ye-X25519 nohlelo lwe-HRSS olusekelwe ku-algorithm ye-NTRU Prime eyenzelwe ama-cryptosystems angemuva kwe-quantum.
  • Izimbobo 989 (ftps-data) kanye ne-990 (ftps) zengezwe enanini lezimbobo zenethiwekhi ezinqatshelwe ukuze kuvinjwe ukuhlasela kwe-ALPACA. Ngaphambilini, ukuze kuvikelwe ekuhlaselweni okushelelayo kwe-NAT, amachweba angu-69, 137, 161, 554, 1719, 1720, 1723, 5060, 5061, 6566 kanye no-10080 asevele avinjiwe.
  • I-TLS ayisawasekeli ama-cipher asekelwe ku-algorithm ye-3DES. Ikakhulukazi, i-TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite, esengozini yokuhlaselwa kwe-Sweet32, isusiwe.
  • Ukusekelwa kwe-Ubuntu 16.04 kunqanyuliwe.
  • Kungenzeka ukusebenzisa i-WebOTP API phakathi kwamadivayisi ahlukene axhunywe nge-akhawunti evamile ye-Google. I-WebOTP ivumela uhlelo lokusebenza lewebhu ukuthi lifunde amakhodi okuqinisekisa esikhathi esisodwa athunyelwe nge-SMS. Ushintsho oluhlongozwayo lwenza kube lula ukuthola ikhodi yokuqinisekisa kudivayisi yeselula esebenzisa i-Chrome ye-Android, futhi isetshenziswe kusistimu yedeskithophu.
  • I-API Yamacebiso Weklayenti Lomsebenzisi inwetshiwe, yathuthukiswa esikhundleni sesihloko somenzeli womsebenzisi. Amacebo Weklayenti Womsebenzisi-Umenzeli akuvumela ukuthi uhlele ukulethwa okukhethiwe kwedatha mayelana nemingcele ethile yesiphequluli nesistimu (inguqulo, inkundla, njll.) kuphela ngemva kwesicelo seseva. Umsebenzisi, naye, anganquma ukuthi yiluphi ulwazi olunganikezwa abanikazi besayithi. Uma usebenzisa Amacebo Eklayenti Lomenzeli Womsebenzisi, isihlonzi sesiphequluli asidluliswa ngaphandle kwesicelo esicacile, futhi ngokuzenzakalela kucaciswa imingcele eyisisekelo kuphela, okwenza ukuhlonza okungenzi lutho kube nzima.

    Inguqulo entsha isekela ipharamitha ye-Sec-CH-UA-Bitness ukubuyisela idatha mayelana nobuthi beplathifomu, engasetshenziswa ukunikeza amafayela kanambambili athuthukisiwe. Ngokuzenzakalelayo, ipharamitha ye-Sec-CH-UA-Platform ithunyelwa ngolwazi olujwayelekile lweplathifomu. Inani le-UADataValues ​​​​elibuyisiwe lapho kubizwa i-getHighEntropyValues() lisetshenziswa ngokuzenzakalelayo ukuze kubuyiselwe amapharamitha ajwayelekile uma kungenakwenzeka ukubuyisela inketho enemininingwane. Indlela ye-toJSON yengezwe entweni ye-NavigatorUAData, ekuvumela ukuthi usebenzise izakhiwo ezifana ne-JSON.stringify(navigator.userAgentData).

  • Ikhono lokupakisha izinsiza kumaphakheji ngefomethi Yenqwaba Yewebhu, elungele ukuhlela ukulayishwa okuphumelelayo kwenani elikhulu lamafayela ahambisanayo (izitayela ze-CSS, i-JavaScript, izithombe, ama-iframe), lizinzisiwe futhi lanikezwa ngokuzenzakalelayo. Phakathi kokushiyeka ekusekelweni okukhona kwamaphakheji wamafayela e-JavaScript (i-webpack), i-Web Bundle ezama ukuyiqeda: iphakheji ngokwayo, kodwa hhayi izingxenye zayo zengxenye, ingagcina ku-cache ye-HTTP; ukuhlanganisa nokwenza kungaqala kuphela ngemva kokuba iphakheji selilandiwe ngokuphelele; Izinsiza ezengeziwe ezifana ne-CSS nemifanekiso kufanele zibhalwe ngekhodi ngendlela yeyunithi yezinhlamvu ye-JavaScript, ekhulisa usayizi futhi idinga esinye isinyathelo sokuhlaziya.
  • I-WebXR Plane Detection API ifakiwe, ihlinzeka ngolwazi mayelana nezindawo ezihleliwe endaweni ebonakalayo ye-3D. I-API eshiwo ikwenza kube nokwenzeka ukugwema ukucutshungulwa okugxilisa kakhulu kwensiza idatha etholwe ngekholi MediaDevices.getUserMedia(), kusetshenziswa ukusetshenziswa okuphathelene nama-algorithms okubona kwekhompyutha. Ake sikukhumbuze ukuthi i-WebXR API ikuvumela ukuthi uhlanganise umsebenzi ngezigaba ezahlukahlukene zamadivayisi ento engekho ngokoqobo, kusukela kuzigqoko ezimile ze-3D kuya kuzixazululo ezisekelwe kumadivayisi eselula.
  • Ama-API amaningana amasha engeziwe kumodi ye-Origin Trials (izici zokuhlola ezidinga ukwenziwa kusebenze okuhlukile). I-Origin Trial isho amandla okusebenza ne-API eshiwo ezinhlelweni ezilandwe ku-localhost noma 127.0.0.1, noma ngemva kokubhalisa nokwamukela ithokheni elikhethekile elisebenza isikhathi esilinganiselwe sesayithi elithile.
    • I-Multi-Screen Window Placement API ihlongozwa, evumela ukuthi ubeke amafasitela kunoma yisiphi isibonisi esixhunywe ohlelweni lwamanje, futhi ulondoloze indawo yewindi futhi, uma kunesidingo, wandise iwindi esikrinini esigcwele. Isibonelo, kusetshenziswa i-API eshiwo, uhlelo lwewebhu lokubonisa isethulo lungahlela ukuboniswa kwamaslayidi esikrinini esisodwa, futhi lubonise inothi lomethuli kwesinye.
    • Inhlokweni ye-Cross-Origin-Embedder-Policy, elawula imodi yokuhlukanisa ye-Cross-Origin futhi ikuvumela ukuthi uchaze imithetho yokusetshenziswa evikelekile ekhasini Le-Privileged Operations, manje isekela ipharamitha "engenasici" ukuze ukhubaze ukudluliswa kolwazi oluhlobene nemininingwane efana Amakhukhi nezitifiketi zeklayenti.
    • Kuzinhlelo zokusebenza zewebhu ezizimele zodwa (i-PWA, Izinhlelo Zewebhu Eziqhubekayo) ezilawula ukunikezwa kokuqukethwe kwewindi nokubamba okokufaka, imbondela enezilawuli zewindi, njengebha yesihloko nezinkinobho zokunweba/zokugoqa, inikezwa. Imbondela inweba indawo ehlelekayo ukuze imboze lonke iwindi futhi ikuvumela ukuthi ungeze ezakho izici endaweni yesihloko.
      Ukukhishwa kwe-Chrome 93
    • Kwengezwe amandla okudala izinhlelo zokusebenza ze-PWA ezingasetshenziswa njengezibambi ze-URL. Isibonelo, uhlelo lokusebenza lwe-music.example.com lingazibhalisa ngokwalo njengesibambi se-URL https://*.music.example.com futhi zonke izinguquko ezivela ezinhlelweni zangaphandle zisebenzisa lezi zixhumanisi, isibonelo, kusuka kuzithunywa ezisheshayo kanye namakhasimende e-imeyili, zizohola. ekuvulweni kwale PWA- izinhlelo zokusebenza, hhayi ithebhu entsha yesiphequluli.
  • Kungenzeka ukulayisha amafayela e-CSS usebenzisa inkulumo ethi "ngenisa", efana nokulayisha amamojula e-JavaScript, okulula uma udala izakhi zakho futhi ikuvumela ukuba wenze ngaphandle kokwabela izitayela usebenzisa ikhodi ye-JavaScript. ngenisa ishidi lisuka ku-'./styles.css' assert {type: 'css' }; document.adoptedStyleSheets = [ishidi]; shadowRoot.adoptedStyleSheets = [ishidi];
  • Indlela entsha emile, i-AbortSignal.abort(), ihlinzekiwe ebuyisela into ye-AbortSignal osekuvele kusethelwe ukuthi inqanyuliwe. Esikhundleni semigqa eminingana yekhodi ukuze udale into ye-AbortSignal esimweni sokuhoxiswa, ungakwazi manje ukudlula ngomugqa owodwa othi “return AbortSignal.abort()”.
  • Isici se-Flexbox sengeze ukusekelwa kwamagama angukhiye okuqala, ukuphela, ukuziqala, ukuziqeda, kwesokunxele nakwesokudla, okuhambisana nesikhungo, amagama angukhiye we-flex-start kanye ne-flex-end ngamathuluzi okuqondanisa okulula kokuma kwezakhi eziguqukayo.
  • Umakhi we-Error() usebenzisa isici esisha "sombangela", esikuvumela ukuthi uhlobanise amaphutha kalula. const parentError = Iphutha elisha('umzali'); const error = Iphutha elisha('umzali', { imbangela: parentError }); console.log(error.cause === parentError); // → iqiniso
  • Ukwesekwa okwengeziwe kwemodi ye-noplaybackrate esakhiweni se-HTMLMediaElement.controlsList, esikuvumela ukuthi ukhubaze izici zesixhumi esibonakalayo esihlinzekwe kusiphequluli sokushintsha isivinini sokudlala sokuqukethwe kwe-multimedia.
  • Kwengezwe unhlokweni we-Sec-CH-Prefers-Color-Scheme, ovumela, esigabeni sokuthumela isicelo, ukudlulisa idatha mayelana nohlelo lombala olukhethwa ngumsebenzisi olusetshenziswa kumibuzo yemidiya “ye-prefers-color-scheme”, okuzovumela isayithi ukuthi lithuthuke. ukulayishwa kwe-CSS ehlotshaniswa nesikimu esikhethiwe futhi ugweme ukushintsha okubonakalayo kwezinye izikimu.
  • Kwengezwe impahla ye-Object.hasOwn, okuyinguqulo eyenziwe lula ye-Object.prototype.hasOwnProperty, esetshenziswa njengendlela emile. Object.hasOwn({ prop: 42 }, 'prop') // → iqiniso
  • Idizayinelwe ukuhlanganiswa okushesha kakhulu kwe-brute-force, umdidiyeli we-JIT we-Sparkplug wengeze imodi yokusebenzisa inqwaba ukuze kuncishiswe okungaphezulu kokushintsha amakhasi enkumbulo phakathi kwamamodi okubhala nawokugijima. I-Sparkplug manje ihlanganisa imisebenzi eminingi ngesikhathi esisodwa futhi ishayela i-mprotect kanye ukuze iguqule izimvume zeqembu lonke. Imodi ehlongozwayo inciphisa ngokuphawulekayo isikhathi sokuhlanganiswa (sifika ku-44%) ngaphandle kokuba nomthelela ongemuhle ekusebenzeni kokwenziwa kwe-JavaScript.
    Ukukhishwa kwe-Chrome 93
  • Inguqulo ye-Android ikhubaza ukuvikela okwakhelwe ngaphakathi kwenjini ye-V8 ekuhlaselweni kwesiteshi esiseceleni okufana ne-Specter, engabhekwa njengesebenza ngempumelelo njengokuhlukanisa amasayithi ngezinqubo ezihlukene. Kunguqulo yedeskithophu, lezi zindlela zikhutshaziwe emuva ekukhishweni kwe-Chrome 70. Ukukhubaza ukuhlola okungadingekile kuvunyelwe ukukhulisa ukusebenza ngo-2-15%.
    Ukukhishwa kwe-Chrome 93
  • Ukuthuthukiswa kwenziwe kumathuluzi onjiniyela bewebhu. Kumodi yokuhlola ishidi lesitayela, kungenzeka ukuhlela imibuzo eyenziwe kusetshenziswa isisho esithi @container. Kumodi yokuhlola inethiwekhi, ukubuka kuqala kwezinsiza kufomethi yenqwaba yewebhu kuyasetshenziswa. Kukhonsoli yewebhu, izinketho zokukopisha amayunithi ezinhlamvu ngendlela ye-JavaScript noma i-JSON literals yengezwe kumenyu yokuqukethwe. Ukulungisa iphutha okuthuthukisiwe kwe-CORS (I-Cross-Origin Resource Sharing) amaphutha ahlobene.
    Ukukhishwa kwe-Chrome 93

Ngokungeziwe ezenzweni ezintsha nokulungiswa kweziphazamisi, inguqulo entsha isusa ubungozi obungu-27. Ubungozi obuningi buhlonzwe njengomphumela wokuhlolwa okuzenzakalelayo kusetshenziswa i-AddressSanitizer, MemorySanitizer, Control Flow Integrity, LibFuzzer kanye namathuluzi e-AFL. Azikho izinkinga ezibucayi ezitholiwe ezingavumela umuntu ukuthi adlule wonke amazinga okuvikela isiphequluli futhi akhiphe ikhodi kusistimu engaphandle kwendawo ye-sandbox. Njengengxenye yohlelo lokukhokha imiklomelo yemali ngokuthola ubungozi ekukhishweni kwamanje, i-Google ikhokhele imiklomelo engu-19 ebiza u-$136500 (imiklomelo emithathu yama-$20000, umklomelo owodwa wama-$15000, imiklomelo emithathu engu-$10000, umklomelo owodwa ongu-$7500, imiklomelo emithathu yama-$5000 kanye nemiklomelo emithathu yama-$3000). Usayizi wemiklomelo emi-5 awukakanqunywa.

Source: opennet.ru

Engeza amazwana