Google is out with its fourth update for the Chrome browser this year updating the dev-channel version to 2.0.158.0. The new Chrome browser might end up being a help in the fight against bad MD5 certificate usage.
The new version is mostly a bug fix for WebKit issues that were introduced by Google updating to a new version of WebKit for recent releases.
“…those changes may improve layout on some sites, but are mostly minor tweaks you won’t notice,” Mark Larson, Google Chrome Program Manager blogged. “That’s a roundabout way of saying, we probably didn’t fix the issue that’s been bugging you the most this week.”
A closer look at the release notes for the 2.0.158.0 release reveals that there is one other key issue addressed by the update:
MD5.
I first reported on problems with the MD5 encryption back in 2004. Fast forward four years and apparently people were still using MD5 to sign their SSL certificates- and that’s not a good thing.
So Google has added a little feature that will track how often Chrome users are encountering MD5 certificates. This is a good thing and hopefully will end up being part of the broader solution for getting rid of MD5 for SSL.