The upcoming version of the Google Chrome web browser will include a new security check that labels old security certificates as non-trusted. This poses a serious issue, as many of the top 1 million sites are still using them. Many of these addresses are home to government sites, enterprise home pages and the like.
Google Chrome Update May Label Top Sites as Unsafe
A security researcher has discovered that a very large part of the top 1 million sites are using old certificates issued before June 2016, which are to become non-trusted in the next version of Google Chrome. The next version of the browser is scheduled to be released in the middle of this month, and it will mark these sites as non-trusted. This is a very dangerous situation, as it can confuse ordinary Internet users who are accessing company sites into believing that they are the target of a phishing attack.
Google Chrome will not block the sites but will present various notifications and pop-ups warning users that they are not safe. The reason for this is that these certificates are not deemed secure enough. The announcement about this process was posted by both Mozilla and the Google team because Symantec was distrusted as a certificate authority. Following the responses from the developers, Symantec sold its security certificates division to DigiCert, which is another provider.
Site operators that use the old Symantec certificates will need to transition to another certificate in order to remain marked as “safe” when the update rolls out. The stable version of Chrome 70 is planned for release in the coming weeks of October 2018. Its beta version includes code that removes the trust flag from the old Symantec-rooted infrastructure. The release notes indicate that TLS certificates issued by the old infrastructure will be affected regardless of the issuance date.