Also in the new version, was eliminated a vulnerability to the NAT Slipstream attack, about which reported famous information security researcher Samy Kamkar at the end of October this year. This described by the expert technique allows bypassing firewalls and connect to internal networks, in fact, turning Chrome into a proxy for attackers. To implement such an attack, attackers only need to trick the user to a malicious site.
I must say that Chrome 87 was the first browser protected by NAT Slipstream. Protection is implemented by blocking ports 5060 and 5061, which are used for bypassing firewalls and network address translation (NAT). The Safari and Firefox developers are just working on fixes.
Another major change in Chrome 87 was the end of FTP support. Let me remind you that Google developers have been talking about abandoning FTP since 2014, since the protocol is used by very few browser users (0.1-0.2%). In 2018, the company first announced plans to stop FTP officially, and Google engineers have already begun to implement those plans last summer.
They wanted to phase out FTP gradually. For example, for a while the browser will download the FTP directory listings, but will not display the files themselves (it will download them instead).
However, the coronavirus pandemic violated Google’s plans, and in the spring of 2020, FTP abandonment in the stable release was postponed, and FTP support was even temporarily turned back on.
Since the end of FTP support was delayed until the fall of last month with the release of Chrome 86, FTP links were no longer supported for 1% of Chrome’s user base. Now, with the release of Chrome 87, the developers have disabled FTP support for half of Chrome’s user base.
A complete switching off this functionality is scheduled for next year (most likely, this will happen in January 2021, when Chrome 88 is released). In the meantime, users who still need FTP support can enable it using chrome://flags/#enable-ftp.
It should be said that earlier this year, Mozilla developers have already dropped support for FTP in Firefox, and the planned changes were implemented in June, with the release of Firefox 77.