Lame. Is there any real reason to do this? Does the code take a lot of maintenance, aimed as it is against a protocol from 1971? Is there a reason to cut people off from easy interoperability with links on the older parts of the web, many of which surprisingly do still work?
FTP sucks, sure, we get it. No reason to use it now. Still, Google seems to have a mission of deprecating the old Web, from their search results that push that kind of content down, to their browser deprecations of FTP and Flash and Java applets. How is one supposed to even see the old parts of the web anymore?
The code is old, and hard to secure. It lives in the browser rather than a subprocess, so is unsandboxed.
The FTP protocol itself isn't a nice binary protocol - it was designed for humans to type by hand, so has a lot of flexibility, leading to a lot of corner cases in the code.
There is also the fact that the flexibility of FTP allows the browser to attack other devices on the local network. For example, I could navigate an iframe to FTP://evil_payload@127.0.0.1:3389, allowing me to send a possible exploit to your your machine, bypassing firewalls.
Considering how few people use it, and the risks it still poses to everyone, I can see why they want to get rid of it.
There is also the fact that the "modern browser" is no longer a browser but a program which runs remote code with local privileges and sometimes with elevated privileges. The main reason they want to deprecate ftp is the same reason they used for other protocols: it is much easier to control 1 protocol (https) instead of 10 (http, ftp, rss, ntp etc.). Especially when they decide which certificate is trusted in their browser (which browser (engine) happens to be the only one used by the majority).
So you're saying ftp support could have simply been disabled by default where people who need it can simply turn it on? Also, the attack you're describing is a "cross protocol" attack for which modern browsers (at least firefox) have mitigations in place.
If you read the OP it says that their support for FTP is already pretty limited. Doesn't support encrypted FTP (FTPS) or proxies. Kinda goes against the effort they're making to push encrypted connections with HTTP.
They'd have to spend time and effort getting their implementation up to scratch.
Kinda makes sense to scrap the FTP support as there's not much of a user base and leave it to dedicated software like FileZilla/WinSCP/CyberDuck etc. etc.
I'm honestly surprised that FTP is still supported in web browsers. FTP is as non-web as you can go without resorting to Gopher - plus the protocol is Anfient and Broken (and plaintext [shudder]). This shouldn't have been a part of any browser, ever.
There are still sites that have magnet: downloads. Sucks to have to install a dedicated client where you could just click and download in the browser. Where's the difference, except for "we've always done this, and we've never done that, therefore this good, that bad"?
Why of course. To assert dominance! and maintain influence.
It's not about "the old parts",it's more like google's elitist engineers do a stats count and notice only 0.1% kf users use a feature so why spend time maintaining it. Awww,they'll get over it. So what if 0.1% of billions is a million people,not like chrome makes money anyway. What will people do? Boycott google products over ftp support?
Please support google product alternatives. This is how AT&T and Comcast became the way they are. A long slippery slope of not really caring about x% of users.
FTP sucks, sure, we get it. No reason to use it now. Still, Google seems to have a mission of deprecating the old Web, from their search results that push that kind of content down, to their browser deprecations of FTP and Flash and Java applets. How is one supposed to even see the old parts of the web anymore?