Deprecations and removals in Chrome 67
Deprecate HTTP-Based Public Key Pinning
HTTP-Based Public Key Pinning (HPKP) was intended to allow websites to send an HTTP header that pins one or more of the public keys present in the site's certificate chain. It has very low adoption, and although it provides security against certificate mis-issuance, it also creates risks of denial of service and hostile pinning.
To defend against certificate misissuance, web developers should use the
Expect-CT header, including its reporting function. Expect-CT is safer than HPKP
due to the flexibility it gives site operators to recover from configuration
errors, and due to the built-in support offered by a number of certificate authorities.
We expect to remove this in Chrome 69.
Intent to Remove | ChromeStatus | Chromium Bug
Deprecate AppCache on Non-secure Contexts
AppCache over HTTP is deprecated. AppCache is a powerful feature that allows offline and persistent access to an origin. Allowing AppCache to be used over non-secure contexts makes it an attack vector for cross-site scripting hacks.
Removal is expected in Chrome 69.
Intent to Remove | ChromeStatus | Chromium Bug
Layout
Several -webkit- prefixed CSS properties will be removed in this release:
-webkit-box-flex-group: This property has virtually zero usage based on the UseCounter in stable.- Percent (%) values for
-webkit-line-clamp: There is interest in finding a standards-based solution to the number values use case, but we haven't seen demand for the %-based values. -webkit-box-lines: This property was never fully implemented. It was originally intended such that a "vertical"/"horizontal"-webkit-boxcould have multiple rows/columns.