Security Experts:

Google Keeps Support for FTP in Chrome

Google has decided to keep support for the File Transfer Protocol (FTP) in Chrome a bit longer, after initially saying it would completely remove it in Chrome 82.

Due to the lack of support for secure connections or proxies, the implementation of FTP in Chrome creates security risks for users. Moreover, usage of the protocol is low, and removing it from the browser will not impact a large number of users.

Chrome 80, which arrived in the stable channel in early February, deprecated support for FTP. At the time, Google said the protocol would be disabled in Chrome 81 and completely removed in Chrome 82.

Although it has been considering removing FTP support for a couple of years, Google has decided to keep the protocol untouched for a bit longer, due to the current COVID-19 pandemic.

“Alright folks. In light of the current crisis, we are going to ‘undeprecate’ FTP on the Chrome stable channel. I.e. FTP will start working again,” Asanka Herath, software engineer at Google, posted on the dedicated Chromium bug topic.

The deprecation will resume once organizations potentially impacted by the change will be better positioned to deal with any emerging outages and migrations.

The coronavirus crisis has forced the Internet giant to delay stable Chrome releases and even completely skip Chrome 82, and also to roll back the enforcement of SameSite cookie labeling, a cross-site request forgery (CSRF) protection introduced in Chrome 80.

What’s more, the crisis has forced Google, Microsoft and Mozilla to delay the removal of the older Transport Layer Security (TLS) 1.0 and 1.1 protocols in Chrome, Edge, Internet Explorer, and Firefox, after initially planning on removing it this spring.

Mozilla too is planning on removing FTP support from its browser. It would initially turn it off by default in Firefox 77, but wants to completely remove it from the browser at the beginning of 2021.

Related: Google Rolls Back Recently Introduced Chrome CSRF Protection

Related: Browser Makers Delay Removal of TLS 1.0 and 1.1 Support

Related: Serious Vulnerabilities Patched in Chrome, Firefox

view counter