2 min

Chrome 124 is more secure than ever, but it also poses problems for website infrastructure as a result. A new quantum-secure encryption is now on by default. This instantly breaks several connections between applications, servers and firewalls.

The encryption method, known as X25519Kyber768 (or simply “Kyber”), protects against “store now decrypt later” attacks. In other words, while encrypted data could be picked up by a malicious party, it couldn’t even be recovered with a quantum computer in the future.

TLS problems

Today, the web infrastructure appears to be partially unprepared for this encryption. Due to a misconfiguration, both TLS sides expect a certain amount of data that differs from the actual data. By default, all kinds of network devices need a patch to communicate smoothly with Chrome and (the also Chromium-based) Edge.

The problem arises at the so-called “ClientHello” handshake based on TLS (Transport Layer Security). The TLS handshake is core to the functionality of the modern internet, in which all kinds of components verify each other’s integrity before continuing. Among other things, the two communicating entities determine which cryptographic method is used.

Solutions

It is possible to disable the security feature in Chrome or Edge. However, traffic is then not encrypted via the new method, which may allow attackers to break older encryptions in the future.

Those who still choose to do so can ensure their current equipment works properly again as an admin via a policy. In that case, PostQuantumKeyAgreementEnabled can be turned off in Chrome. In Edge, it is also possible to create a group policy that fixes the problem. This is a temporary fix, according to both Google and Microsoft, as patches should eventually fix problems.

Also read: Decades after its debut, SMTP still enables new phishing techniques