Security News > 2024 > April > Google Chrome's new post-quantum cryptography may break TLS connections
Some Google Chrome users report having issues connecting to websites, servers, and firewalls after Chrome 124 was released last week with the new quantum-resistant X25519Kyber768 encapsulation mechanism enabled by default.
Google started testing the post-quantum secure TLS key encapsulation mechanism in August and has now enabled it in the latest Chrome version for all users.
The new version utilizes the Kyber768 quantum-resistant key agreement algorithm for TLS 1.3 and QUIC connections to protect Chrome TLS traffic against quantum cryptanalysis.
"After several months of experimentation for compatibility and performance impacts, we're launching a hybrid postquantum TLS key exchange to desktop platforms in Chrome 124," the Chrome Security Team explains.
As system admins have shared online since Google Chrome 124 and Microsoft Edge 124 started rolling out on desktop platforms last week, some web applications, firewalls, and servers will drop connections after the ClientHello TLS handshake.
Affected Google Chrome users can mitigate the issue by going to chrome://flags/#enable-tls13-kyber and disabling the TLS 1.3 hybridized Kyber support in Chrome.
News URL
Related news
- Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks (source)
- Google Chrome Adds V8 Sandbox - A New Defense Against Browser Attacks (source)
- Google Chrome: Security and UI Tips You Need to Know (source)
- Google Chrome is getting native support for YouTube-like video chapters (source)
- Google Chrome emergency update fixes 6th zero-day exploited in 2024 (source)
- Google fixes Chrome zero-days exploited at Pwn2Own 2024 (source)
- Google agrees to delete Chrome browsing data of 136 million users (source)
- Google fixes one more Chrome zero-day exploited at Pwn2Own (source)
- Google Cloud Next 2024: New Data Center Chip and Chrome Enterprise Premium Join the Ecosystem (source)
- How Google’s 90-day TLS certificate validity proposal will affect enterprises (source)