Security News > 2023 > August > Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116
Google has announced plans to add support for quantum-resistant encryption algorithms in its Chrome browser, starting with version 116.
"Chrome will begin supporting X25519Kyber768 for establishing symmetric secrets in TLS, starting in Chrome 116, and available behind a flag in Chrome 115," Devon O'Brien said in a post published Thursday.
The encryption algorithm has already been adopted by Cloudflare, Amazon Web Services, and IBM. X25519Kyber768 is a hybrid algorithm that combines the output of X25519, an elliptic curve algorithm widely used for key agreement in TLS, and Kyber-768 to create a strong session key to encrypt TLS connections.
"In TLS, even though the symmetric encryption algorithms that protect the data in transit are considered safe against quantum cryptanalysis, the way that the symmetric keys are created is not," O'Brien said.
The development comes as Google said it's changing the release cadence of Chrome security updates from bi-weekly to weekly to minimize the attack window and address the growing patch gap problem that allows threat actors more time to weaponize published n-day and zero-day flaws.
"Bad actors could possibly take advantage of the visibility into these fixes and develop exploits to apply against browser users who haven't yet received the fix," Amy Ressler from the Chrome Security Team said.
News URL
https://thehackernews.com/2023/08/enhancing-tls-security-google-adds.html
Related news
- New tool bypasses Google Chrome’s new cookie encryption system (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- Crypto-apocalypse soon? Chinese researchers find a potential quantum attack on classical encryption (source)
- WeChat devs introduced security flaws when they modded TLS, say researchers (source)
- No, The Chinese Have Not Broken Modern Encryption Systems with a Quantum Computer (source)
- Google to let businesses create curated Chrome Web Stores for extensions (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- How to enable Safe Browsing in Google Chrome on Android (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- Google claims Big Sleep 'first' AI to spot freshly committed security bug that fuzzing missed (source)