Connections to HTTP, HTTPS or FTP servers of ports 989 and 990 will fail. These ports are used by the FTPS protocol, which has never been implemented in Chrome. However, FTPS servers can be attacked in a cross-protocol attack by malicious web pages using carefully-crafted HTTPS requests.
This is a mitigation for the ALPACA attack. See https://alpaca-attack.com/.
Firefox is blocking this port. While there hasn't been feedback from Safari, they generally align with the Fetch standard on port blocks. This will inescapably cause problems for developers running servers on port 989 and 990. They will have to move to a different port. We strongly recommend using port 80 for HTTP and 443 for HTTPS to avoid the risk of future blocks.
No impact.
None needed.
This is a security improvement. The main risk is that we will have to block more ports in future.
Not needed.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAC_ixdznr0q3-x0wHMr2BWJ-4nuWVPjDp_wc0DD-Gofc5K2j2A%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfWYXH0nftfpLRkKjgHd0LK_7u7jXKNaqwsTK_w6gdfF1w%40mail.gmail.com.