Google Releases Latest Chrome: Ends Support for FTP and U2F Security Keys

google chrome

Google has released its latest version, Chrome v95, which includes several changes that may affect a significant portion of users.

The changes in question are as follows.

  • End of support for File Transfer Protocol (FTP) URLs
  • Discontinuation of support for Universal 2nd Factor (U2F) standard used in previous generation security keys; Chrome will now only support FIDO2/WebAuth security keys only
  • Added file size limit to browser cookies (https://www.chromestatus.com/feature/4946713618939904)

RFC 6265bis has long proposed limiting the size of cookies, but implemented the limit in slightly different ways depending on the user agent, leading to interoperability issues and browser It provided a fingerprinting mechanism.

With this change in the intent specification, user agents are now required to limit the total length of the cookie name and value to 4096 bytes, and limit the length of each cookie attribute value to 1024 bytes. Attempts to set a cookie that exceeds the name and value limits will be rejected, and cookie attributes that exceed the attribute length limits will be ignored.

Most hostnames ending in a number rather than a valid IPv4 address are treated as valid and are looked up in DNS (e.g. http://foo.127.1/)

Public According to the Suffix List specification, the eTLD+1 of the hostname for this URL must be “127.1”. If this is fed back into the URL, the URL specification will map “http://127.1/” to “http://127.0.0.1/”, which can be dangerous.

Also, “127.0.0.1” could be used to confuse users. We would like to reject URLs with such hostnames.

In addition to these changes, Chrome 95 includes a new UI component called the “Side Panel” which can be used to display the Chrome browser reading list and bookmarks. This panel can be enabled by the following Chrome flag.

Chrome://flags/#side-panel

In addition, Chrome 95 includes changes for developers and security fixes. See below for details of other changes.

https:// blog.chromium.org/2021/09/chrome-95-beta-secure-payment.html

https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html

Leave a Reply

Your email address will not be published.