News Chrome 87 released: fixed vulnerability to NAT Slipstream attack, disabled FTP support


Soldier

Essential
Joined
20.10.20
Messages
87
Reaction score
642
Points
83
Google engineers have introduced Chrome 87, a new version of the browser is already available for users of Windows, Mac, Linux, Chrome OS, Android and iOS.

Developers claim that Chrome has become more productive and"easier". So, due to the restriction of JavaScript timers and a number of other changes, CPU usage decreased by 5 times, and the battery life increased by 1.25 hours. Google says that Chrome now " runs 25% faster and loads pages 7% faster, while using less memory."

Also in the new version, the vulnerability to the NAT Slipstream attack was eliminated, which was described by a well-known information security researcher Samy Kamkar at the end of October this year. The method described by the specialist allows you to bypass firewalls and connect to internal networks, in fact, turning Chrome into a proxy for attackers. To implement such an attack, you only need to trick the user into visiting a malicious site.

It should be noted that Chrome 87 was the first browser protected by NAT Slipstream. Protection is implemented by blocking ports 5060 and 5061, which are used to bypass firewalls and network address translation (NAT). Safari and Firefox developers are still working on creating fixes.

Another major change in Chrome 87 was the discontinuation of FTP support. Let me remind you that Google developers have been talking about abandoning FTP since 2014, since the Protocol is used by very few browser users (0.1-0.2%). in 2018, the company first announced plans to officially abandon FTP, and last summer Google engineers have already begun to implement these plans.

It was planned that FTP support will be disabled by default with the release of Chrome 81, and after the release of version 82, all traces of the Protocol will be permanently removed from the code. The rejection of FTP was planned to be carried out gradually. For example, the browser will load FTP directory listings for a while, but will not display the files themselves (it will download them instead).

However, Google's plans were hindered by the coronavirus pandemic, and in the spring of 2020, the rejection of FTP in the stable release was postponed, and FTP support was even temporarily turned back on.

Since the end of FTP support was postponed until the fall, last month, with the release of Chrome 86, FTP links were no longer supported for 1% of the Chrome user base. Now, with the release of Chrome 87, developers have disabled FTP support for half of the Chrome user base.

A complete shutdown of this functionality is planned for next year (most likely, this will happen in January 2021, when Chrome 88 is released). In the meantime, users who still need FTP support can enable it using chrome: / /flags/#enable-ftp.

It is worth noting that at the beginning of this year, Mozilla developers have already abandoned support for the FTP Protocol in Firefox , and the planned changes were implemented in June, with the release of Firefox 77.
 
Top Bottom