Google released a new version of its Chrome browser with several improvements, the most significant of which is a complete refusal to support the binding of public keys of the HTTP (HTTP Public Key Pinning, HPKP). From now on, Chrome will not support sites using the HPKP standard.

In addition, the browser will not display the resources that are downloaded via FTP. Chrome will continue to list the FTP directory, but when I try site to upload an image or JavaScript file instead of rendering an image or running the file, the browser will offer to download them.

Another important change for the standard TLS 1.0 and TLS 1.1 — now they will be marked as obsolete. This measure is part of the strategy Google’s complete abandonment of the use of obsolete protocols. Presumably, support for TLS 1.0 and TLS 1.1 will be phased out with the release of Chrome 81, the release of which is scheduled for early 2020. In October last year, ending support for TLS 1.0 and TLS 1.1 also announced Apple, Microsoft and Mozilla.

Among other things, the release of Chrome 72 Google engineers corrected the 58 vulnerabilities in various components, including the engine, V8, WebRTC and others. Full list of vulnerabilities is available here.

Bind the public keys of the HTTP (HPKP, HTTP Public Key Pinning) is one of the protective measures of the browser, which prevents attacks by spoofing an SSL certificate is incorrectly issued or a fake one. Technology is designed to eliminate the possibility of an attack “man in the middle” attacks using malicious add-ons.

Read more •••


Please enter your comment!
Please enter your name here