Advertisement

Chrome's upcoming security change will break hundreds of sites

The issue is more with the site operators than Google.

Google will strengthen Chrome's security with its next release, but that might have some unintended consequences for the sites you use. Security researcher Scott Helme has found that hundreds of the top 1 million sites are using old Symantec HTTPS certificates (pre-June 2016) that won't be trusted when Chrome 70 arrives as soon as October 16th. Some of these are vital sites, too, including multiple Indian government sites, the government of Tel Aviv and Penn State Federal Credit Union.

A few, such as Ferrari and Solidworks, were on the list but have since switched to newer certificates and shouldn't face a problem. This won't block sites outright, to be clear. However, it will pop up warnings that will be annoying and might discourage the security-conscious.

While that sounds like it could foster chaos, the holdouts had plenty of warning. Google warned that it would stop trusting some Symantec certificates last year after discovering that the security firm had been improperly handing out the credentials. It also started distrusting some certificates with Chrome 66 this spring. If a company isn't planning to switch to more trustworthy certificates, it's likely either unaware of security developments or hoping to avoid paying for a new certificate until it's absolutely necessary,