
Author Topic: Google ditches OpenSSL in Chrome because of Heartbleed bug  (Read 479 times)



  • Guest
The latest version of Google Chrome has dropped the OpenSSL security protocol in favour of its own BoringSSL fork.

OpenSSL fell into disrepute earlier this year following the discovery of a major bug - dubbed Heartbleed - which leaked data held in the memory of systems using vulnerable versions of the software.

Another security problem with OpenSSL, which allowed a man-in-the-middle attack, was found in June.

Google said it has "used a number of patches on top of OpenSSL for many years", but there are now over 70 patches for the protocol, which has made it too difficult to manage in Chrome.

"The effort involved in keeping all these patches straight across multiple code bases is getting to be too much," said Adam Langley, a software engineer with Google.

The switch to BoringSSL was officially made today in the latest developer version of Chrome, and will likely filter into the stable channel in several weeks.

Full details on the switch to BoringSSL are available at Chromium Code Review.


