Chrome 87 Fixed NAT Slipstream Vulnerability and Disabled FTP Support

FTP disabled in Chrome 87

Google engineers introduced Chrome 87, in which was disabled FTP support. The new version of the browser is already available for users of Windows, Mac, Linux, Chrome OS, Android and iOS.

The developers claim that Chrome has become more productive and “lighter”. So, due to the limitation of JavaScript timers and a number of other changes, CPU usage has decreased by 5 times, and the battery life has increased by 1.25 hours.

Chrome now” launches 25% faster and loads pages 7% faster while using less memory.Google developers say.

Also in the new version, was eliminated a vulnerability to the NAT Slipstream attack, about which reported famous information security researcher Samy Kamkar at the end of October this year. This described by the expert technique allows bypassing firewalls and connect to internal networks, in fact, turning Chrome into a proxy for attackers. To implement such an attack, attackers only need to trick the user to a malicious site.

FTP disabled in Chrome 87

I must say that Chrome 87 was the first browser protected by NAT Slipstream. Protection is implemented by blocking ports 5060 and 5061, which are used for bypassing firewalls and network address translation (NAT). The Safari and Firefox developers are just working on fixes.

Another major change in Chrome 87 was the end of FTP support. Let me remind you that Google developers have been talking about abandoning FTP since 2014, since the protocol is used by very few browser users (0.1-0.2%). In 2018, the company first announced plans to stop FTP officially, and Google engineers have already begun to implement those plans last summer.

It was planned that FTP support would be disabled by default with the release of Chrome 81, and after the release of version 82, all traces of the protocol would be permanently removed from the code.say the developers.

They wanted to phase out FTP gradually. For example, for a while the browser will download the FTP directory listings, but will not display the files themselves (it will download them instead).

However, the coronavirus pandemic violated Google’s plans, and in the spring of 2020, FTP abandonment in the stable release was postponed, and FTP support was even temporarily turned back on.

Since the end of FTP support was delayed until the fall of last month with the release of Chrome 86, FTP links were no longer supported for 1% of Chrome’s user base. Now, with the release of Chrome 87, the developers have disabled FTP support for half of Chrome’s user base.

A complete switching off this functionality is scheduled for next year (most likely, this will happen in January 2021, when Chrome 88 is released). In the meantime, users who still need FTP support can enable it using chrome://flags/#enable-ftp.

It should be said that earlier this year, Mozilla developers have already dropped support for FTP in Firefox, and the planned changes were implemented in June, with the release of Firefox 77.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *