Google has released a new version of its Chrome browser with several improvements, the most significant of which is the complete removal of support for HTTP Public Key Pinning (HPKP). From now on, Chrome will not support sites using the HPKP standard.
Another important change concerns TLS 1.0 and TLS 1.1: they are now marked as obsolete. This measure is part of Google's strategy of completely abandoning obsolete protocols. Support for TLS 1.0 and TLS 1.1 will presumably be phased out with Chrome 81, whose release is scheduled for early 2020. In October last year, Apple, Microsoft and Mozilla also announced that they would end support for TLS 1.0 and TLS 1.1.
Among other things, in the Chrome 72 release Google engineers fixed 58 vulnerabilities in various components, including the V8 engine, WebRTC and others. The full list of vulnerabilities is available here.
HTTP Public Key Pinning (HPKP) is a browser protection measure that prevents attacks in which an SSL certificate is spoofed with an incorrectly issued or fake one. The technology is designed to eliminate the possibility of man-in-the-middle attacks and attacks using malicious add-ons.