- Jul 27, 2021
Google Chrome will no longer support the FTP in Chrome 80. It is also planning to drop FTP related code and resources or URL from Chrome 82 as was reported by the Chrome engineers. Chrome from the beginning did not have an encrypted FTP connection support which made it vulnerable to security threats online and raised the risk for downloading the resources over FTP. It should be mentioned that Google Chrome never did render FTP URLs, to begin with, but downloaded them in the browser if and when a website was visited.
Since downloading resources through the FTP URLs is accessible to all, there is no encryption of the data which indicates that any data, be it sensitive or otherwise, had been exposed to the middle man attack. The File Transfer Protocol is quite old, and despite having no encryption, hence vulnerable to attacks, some PC manufacturers host drivers and firmware still updates on the FTP sites, which means that it gains direct access to the information stored on the said device.
Google did take a step against in as the Chrome 76 stopped the images or PDF files in FTP sites being opened on the browser. But this still was not a foolproof plan as the browser displayed the directory listings of FTP folders contents.
Google announced that they will now remove the support for FTP URLs altogether. According to one of Google’s employees, the current FTP implementation in Chrome does not support the encrypted connections or proxies anymore. There are various FTP clients available on affected platforms which makes it somewhat redundant for Chrome to invest in supporting FTP anymore.
Chrome removed the support for accessing FTP URLs over HTTPS proxies in Chrome 76 completely. However, the users should not be affected by this deprecation as there are alternative secure FTP implementations already available in platforms like FileZilla.