Google Chrome 72: Deprecates TLS 1.0 And 1.1

[The AchieVer]

Google Chrome 72: Deprecates TLS 1.0 And 1.1 

 

 

Google has rolled out the latest version of their Chrome browser for all compatible operating systems. The new Google Chrome 72 release holds significance as it brings major updates with it. Not only it fixes tens of security vulnerabilities but also deprecates TLS 1.0 and TLS 1.1.

Google Chrome 72 Deprecates TLS 1.0 And TLS 1.1

Google has released its latest version of Chrome browser for Windows, Linux, Android, and Mac. They have brought some major changes in the underlying Web API and protocols with Google Chrome 72. Google has already announced these changes in December 2018, and now, they have materialized them all with Chrome 72.

The most important change with this version is the deprecation of TLS 1.0 and 1.1. Google has highlighted several weaknesses in TLS 1.0 and 1.1 that compel Chrome for deprecation. They further stated,

“Supporting TLS 1.2 is a prerequisite to avoiding the above problems. The TLS working group has deprecated TLS 1.0 and 1.1.”

As revealed, this deprecation will eventually lead to complete removal of TLS 1.0 and 1.1 by early 2020, supposedly with Chrome 81.

58 Security Flaws Also Patched

Google Chrome 72 also brings fixes for 58 different security flaws. As stated by Google,

“Chrome 72.0.3626.81 contains a number of fixes and improvements… This update includes 58 security fixes.”

These include a critical vulnerability (CVE-2019-5754) that existed because of “Inappropriate implementation in QUIC Networking”, 17 high severity vulnerabilities, 12 medium severity, and 4 low severity flaws. The researcher who reported the critical vulnerability earned $7500 as bug bounty.

Other Important Changes

In addition to the above updates, Chrome 72 also brings a lot more API changes. One such important update is the deprecation of PaymentAddress.languageCode in the Payment Request API with a target for complete removal by Chrome 74.

Besides, other significant changes include the removal of rendering FTP resources, removal of HPKP(HTTP-Based Public Key Pinning) and blocking pages from using window.open() API to disallow popup windows.

Users of Google Chrome should, hence, ensure updating their devices with the latest Chrome browser versions.

 

Source

[steven36]

If they ever mess up ad-blockers  like they plain i will  deprecate Chromium  it's really no good on Linux no way  because it has no  DRM  for videos and music that require it. But Firefox and Waterfox has it if you want to use it, Google  Chrome is not available by default on Linux you have to get it from Google and I never seen the point in using it.Now they removing being able to look at FTP sites in there browser they slowly trying to kill the web and lock there users down  .There search engine already removes  so much stuff your more likely to find what your looking for at the LumenDatabase.org. site at the bottom of the page.