Many users will lose access to a lot of popular websites as Google will soon start restricting access. Chrome 70 will restrict website access because of flawed security certificates.
The web browser will restrict websites that have an older version of Symantec certificates. These certificates were issued before June 2016 and included GeoTrust, Equifax, RapidSSL, Thawte, and VeriSign certificates.
Google had given websites well over a year to update their security certificates, but many have still fallen behind.
Security expert Scott Helme found more than 1100 websites in the top one million websites ranked by Alexa, that had a flawed security certificate. These sites included Federal Bank of India, SSRN, Citrus, Pantone, Penn State Federal, Tel-Aviv city government’s website and tenpay.com
There were other famous websites on the lists as well, such as SolidWorks, OneIdentity, and Ferrari but these sites have since moved to better certificates, to prevent any conflicts.
Security certificates encrypt data between web server and a user’s PC. This ensures safe web traffic, makes it impossible to intercept web traffic and even a public Wi-Fi connection becomes secure.
Moreover, HTTPS certificates ensure that a website hasn’t been attacked or transformed by a hacker.
Certificate authorities are the ones who issue HTTPS certificates. These certificates need to follow certain rules and regulations that are in line with specific criteria set by web browsers. Over time, the webs browsers start to trust these websites.
If this trust gets broken somehow, the browser can cut ties with the certificate issuing authority completely and nullify the status of all websites using these certificates.
This is the reason why Google decided to pull the plug on Symantec security certificates last year. The search engine behemoth had discovered that Symantec had been issuing certificates without following the proper protocols.
Also Read: Chrome 70 to help people get over the controversial login feature of 69
Symantec was issuing incorrect and deceptive security certificates. The certificate issuing organization was later found guilty of not following proper protocols and using third-party organizations to issue certificates without due diligence.
This has created a lot of issues for a lot of websites. These websites have started eliminating their security certificates and replacing them with better ones. This is to prevent Chrome from displaying security warning on their site, and to prevent any flags when Chrome 70 update goes live.
Luckily it’s not all doom and gloom in the world of web browsers. Some security certificate issuing organizations are still doing a decent job securing websites.
Free HTTPS certificate issuing organization Let’s Encrypt from all the major web browsers including Google Chrome, Apple Safari, Mozilla Firefox, and Microsoft Edge have all developed a harmonious bond with the company.
This strife between Chrome and Symantec should send a warning to other security certificate organizations to be more careful while conducting their security checks.
Fazeel Ashraf
Amnah Fawad
Jazib Zaman
Hafsa Akbar Ali