Yesterday Google has released Google Chrome 104 with a number of new features in it, one of the new features presented is the Web Bluetooth API, which is quite interesting for us to discuss this time.
Now this API is now integrated with Permission Policy empowering website to communicate with other devices via bluetooth, but the method is not with cross-origin iframe. Google believes that with this API, it will open multiple channels of productivity and communication without compromising security.
However, on the other hand, Mozilla and Apple, both have input “negative” about the API. Where even Apple believes APIs will degrade security and allow behavior fingerprint which poses a risk to user security.
Following up on this, Apple said that they “have not seen a way to solve the problem of the API”, and Mozilla also voiced the same thing by calling the API “dangerous”:
“This API provides access to Bluetooth’s Generic Attribute Profile (GATT), which is not the lowest level of access permitted by the specification, but its generic nature makes it impossible to clearly evaluate. As with WebUSB, there is significant uncertainty about how well a device is prepared to accept requests from changing sites. The generic nature of the API means that this risk is difficult to manage. Web Bluetooth CG has chosen to rely solely on user consent, which we believe is not sufficient protection. The proposal also uses a block list, which would require constant and active maintenance to keep vulnerable devices from being exploited. This model is unsustainable and presents a significant risk to users and their devices.said Mozilla.
Regarding Chrome 104, although this version brings significant updates, unfortunately this Web Bluetooth API feature is quite controversial, even to the point of being rejected by Apple and Mozilla. But what about Microsoft and all browsers that use the same Chromium base?, maybe everyone will follow Google’s steps, because once again, the Chromium browsers are still the same family, except for Apple Safari and Mozilla Firefox.
So, what do you think about this?, if you are curious about the Web Bluetooth API, you can see information from the Web Bluetooth API on the following page.
Via: ChromeStatus, Neowin