Google Sets Deadline for New Chrome Security Rules: Websites Must Comply by November 1
In a major move to enhance security and privacy for its 3.45 billion users, Google has announced a significant policy change for its Chrome browser. Starting November 1, Chrome will no longer trust digital certificates issued by Entrust, a prominent certificate authority used by major organizations and governments worldwide. This change will impact institutions like Chase Bank, Dell, Ernst & Young, Mastercard, and Merrill Lynch, among others.
Google to Revoke Trust in Entrust Digital Certificates
Google’s decision, announced on June 27, cites the need to prioritize user security and privacy as the main reason for this change. The Chrome Security Team stated that they “are unwilling to compromise on these values,” highlighting that Entrust’s behavior in recent years has failed to meet Google’s standards for competence, reliability, and integrity. This decision also affects certificates issued by AffirmTrust, which Entrust acquired in 2016.
The Entrust Response
In response to Google’s decision, Bhagwat Swaroop, president of digital security solutions at Entrust, acknowledged lapses in their handling of recent incidents. Swaroop admitted that some issues were not reported correctly and that their initial decision not to revoke certain impacted certificates was incorrect. While Swaroop assured that these lapses were not malicious, he conceded that Entrust did not balance the requirements of root programs and subscriber needs effectively. Despite Entrust’s commitment to making lasting changes, it seems Google’s confidence in the company has already eroded.
Implications for Google Chrome Users
For users of Google Chrome, this means that from November 1, any Entrust or AffirmTrust TLS server authentication certificates signed after October 31 will no longer be trusted. Chrome 127 and later versions on all major platforms, including Android, ChromeOS, Linux, macOS, and Windows, will block these certificates. Users attempting to access sites with these certificates will encounter a ‘connection not private’ warning, indicating a potential security risk.
Conclusion
This decisive move by Google underscores its commitment to maintaining a secure browsing experience for its users. Websites relying on Entrust and AffirmTrust certificates will need to transition to new certificate authorities before the November 1 deadline to avoid disruptions. For more information, you can read the full announcement on Forbes.
Join Our WhatsApp, Facebook, or Telegram Group For More News, Click This Link Below;WhatsApp Channel
https://whatsapp.com/channel/0029VaTsG6L60eBZ0fm9Za1O
WhatsApp Group
https://chat.whatsapp.com/DCV43KxQ6PZDj66acQ7ULM
Facebook Page
https://facebook.com/allmediaconnect
Our Twitter Page
https://www.twitter.com/allmediaconnect
Telegram Group
