Google Chrome 72 abandons HPKP and patches a bunch of security vulnerabilities
- Chrome 72 comes with revamped browser settings along with improved security features.
- The world’s most-used browser will now stop supporting HTTP Public Key Pinning (HPKP) mechanism.
Yesterday, Google announced the latest version of Chrome, v72, to Windows, Mac, and Linux systems. This version is expected to roll out on various devices in the coming days.
Chrome 72 will come with many improvements as well as sporting a revamped look. The Chrome team has also patched 58 major security vulnerabilities that existed in the browser earlier.
Removes HPKP And Resource Rendering In FTP
Chrome 72 does not support HPKP mechanisms. This comes as Google had earlier announced to part ways with the security mechanism as it had problems within its developer framework. In fact, HPKP is quite difficult to implement, which is why fewer websites use it. Strangely, it was Google who introduced this mechanism a few years ago while most browsers did not pick up on this concept.
Apart from leaving HPKP, Chrome has also ditched resource rendering done on FTP sites. Whenever a user loads an FTP link, the browser urges to download media instead of displaying them on the site.
Deprecating TLS 1.0 and TLS 1.1
Google plans to end TLS 1.0 and TLS 1.1 by 2020. These two authentication protocols have been the receiving end of criticism due to inherent vulnerabilities present in them.
“Chrome 72 is only deprecating TLS 1.0 and TLS 1.1, meaning that when users access an HTTPS site using legacy TLS 1.0 or 1.1 certificates, Chrome will show an error in its developer console, but not block users from accessing the site. This will happen starting with Chrome 81,” reported ZDNet, regarding the development.