Google Chrome 88 Released: RIP Flash Player And FTP Support

Google has released Chrome 88 today, January 19th, 2021, to the Stable desktop channel, and it includes security improvements and the long-awaited removal of Adobe Flash Player.

Chrome 88 is now promoted to the Stable channel, Chrome 89 is the new Beta version, and Chrome 90 will be the Canary version.

Windows, Mac, and Linux desktop users can upgrade to Chrome 88 by going to Settings -> Help -> About Google Chrome. The browser will then automatically check for the new update and install it when available.

Flash Player removed from Chrome

To coordinate with Adobe Flash Player reaching the end of life on January 12th, 2021, Google has completely removed Flash from the browser.

With this change, it will no longer be possible for organizations to use Enterprise policy to enable Flash Player again in Google Chrome.

Google has been warning users since 2017 of Adobe Flash Player’s removal and has been advising the enterprise to migrate away from using Flash in their environment.

With this change, the largest platform used to run Flash content has officially closed its doors to Flash Player.

Also Read: Limiting Location Data Exposure: 8 Best Practices

FTP support removed

Google has removed FTP support (ftp://) from Chrome due to its low use and lack of support for encrypted (FTPS) or proxy connections.

Since 2014, Google has wanted to remove support for the FTP protocol in Chrome as it was determined to only be used by “.1-.2%” of the browser’s users.

With the release of Chrome 80, Google began deprecating FTP support with the addition of a new “chrome://flags/#enable-ftp” flag that controls whether FTP support is enabled or not. 

The initial goal was to disable FTP support by default in Chrome 81, but on April 9th, Google enabled it again to make sure there was no problem accessing content on FTP sites during the pandemic.

“In light of the current crisis, we are going to “undeprecate” FTP on the Chrome stable channel. I.e. FTP will start working again,” Google software engineer Asanka Herath posted to a Chromium bug topic.

With the release of Chrome 88, all FTP support has been removed from the browser.

Improved dark mode controls

While Google Chrome has supported an operating system’s dark mode settings for some time, it has not entirely synched all of its controls to use a dark mode theme. These controls include scroll bars and form controls.

With Chrome 88, the browser will now display scroll bars and form controls using a dark mode theme.

Improved security against tabnabbing attacks

With the release of Chrome 88, when a user clicks on a link that opens in a new tab, the browser will automatically apply the ‘noopener’ context to the link to prevent ‘tabnabbing’ attacks. Google references this attack method as ‘tab-napping.’

Tabnabbing is a security issue that allows a newly opened page to utilize javascript to redirect the original referring page to a different URL. This redirected URL can be anything the threat actor wants, including phishing pages or pages that automatically download malicious files.

Web developers can add a rel=”noopener” attribute to HTML links to prevent a new tab from using JavaScript to redirect the referring page.

With today’s release, Google Chrome will automatically apply the rel=”nooopener” attribute to all links that open in a new tab.

New Tab search experiment

Chrome 88 brings a highly awaited feature that allows you to search through all of your open tabs. When enabled, you will see a small down arrow in a circle, that when clicked, will open a search dialog, as shown below.

This feature is being tested as an experiment in Chrome 88 and can be enabled in chrome://flags under the chrome://flags/#enable-tab-search flag.

Developer changes in Chrome 88

This release brings numerous new APIs, trials, and changes to Google Chrome. Below we have listed the main developer changes:

• Digital Goods API for in-app purchases from web applications.
• AbortSignal in addEventListener()
• CSS aspect-ratio Property
• CSS Selectors 4: Complex :not()
• Don’t Clear adoptedStyleSheets on Adoption to/from
• ElementInternals.shadowRoot Attribute
• Make Type Optional in WakeLock.request()
• Origin Isolation
• path() Support in clip-path CSS Property
• Permissions-Policy Header
• RTCRtpTransceiver.stop()
• Shared Array Buffers, Atomics, and Futex APIs in JavaScript
• New Origin Trials

For more details, be sure to check out the Chrome 88 developer changes blog post.

Also Read: 10 Practical Benefits of Managed IT Services

Chrome security fixes

Chrome 88’s security fixes have not been published yet.  We will update this section when they become available.