Chrome 124 is more secure than ever, but it also causes problems with website infrastructure. New quantum secure encryption is now enabled by default. This immediately breaks the various connections between applications, servers, and firewalls.
The encryption method, known as X25519Kyber768 (or simply “Kyber”), protects against “store now, decrypt later” attacks. In other words: a malicious party could capture encrypted data, but it wouldn't be hackable even with a quantum computer in the future.
TLS issues
Today, the web infrastructure appears to be partially unprepared for this encryption. Due to a configuration error, both ends of the TLS expect a certain amount of data that is different from the actual data. All types of network equipment need patching to communicate seamlessly with Chrome and Edge (also based on Chromium) as standard.
The problem arises with the so-called “ClientHello” handshake, which is done based on TLS (Transport Layer Security). The TLS handshake is the foundation of the modern Internet, where all types of components verify each other. Among other things, the two communicating entities determine the encryption method used.
Solution
It is possible to disable the security feature in Chrome or Edge. However, traffic is not encrypted in the new way, which means attackers may be able to crack older encryptions in the future.
If you still choose to do this, you as an administrator can ensure that everything is working properly again via the policy. In this case, PostQuantumKeyAgreementEnabled will be disabled in Chrome. You can also create a group policy in Edge that fixes the issue. According to both Google and Microsoft, this is a temporary solution, as patches should eventually resolve the issues.
Read also: Old SMTP continues to spawn new phishing techniques
