Google Chrome 72: Deprecates TLS 1.0 And 1.1

Google has rolled out the latest version of their Chrome browser for all compatible operating systems. The new Google Chrome 72 release holds significance as it brings major updates with it. Not only it fixes tens of security vulnerabilities but also deprecates TLS 1.0 and TLS 1.1.

Google Chrome 72 Deprecates TLS 1.0 And TLS 1.1

Google has released its latest version of Chrome browser for Windows, Linux, Android, and Mac. They have brought some major changes in the underlying Web API and protocols with Google Chrome 72. Google has already announced these changes in December 2018, and now, they have materialized them all with Chrome 72.

The most important change with this version is the deprecation of TLS 1.0 and 1.1. Google has highlighted several weaknesses in TLS 1.0 and 1.1 that compel Chrome for deprecation. They further stated,

“Supporting TLS 1.2 is a prerequisite to avoiding the above problems. The TLS working group has deprecated TLS 1.0 and 1.1.”

As revealed, this deprecation will eventually lead to complete removal of TLS 1.0 and 1.1 by early 2020, supposedly with Chrome 81.

58 Security Flaws Also Patched

Google Chrome 72 also brings fixes for 58 different security flaws. As stated by Google,

“Chrome 72.0.3626.81 contains a number of fixes and improvements… This update includes 58 security fixes.”

These include a critical vulnerability (CVE-2019-5754) that existed because of “Inappropriate implementation in QUIC Networking”, 17 high severity vulnerabilities, 12 medium severity, and 4 low severity flaws. The researcher who reported the critical vulnerability earned $7500 as bug bounty.

Other Important Changes

In addition to the above updates, Chrome 72 also brings a lot more API changes. One such important update is the deprecation of PaymentAddress.languageCode in the Payment Request API with a target for complete removal by Chrome 74.

Besides, other significant changes include the removal of rendering FTP resources, removal of HPKP (HTTP-Based Public Key Pinning) and blocking pages from using window.open() API to disallow popup windows.

Users of Google Chrome should, hence, ensure updating their devices with the latest Chrome browser versions.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients