Google’s recent decision to block Entrust-certified websites marks a significant shift in cybersecurity for Google Chrome users. This move comes as a response to the increasing threat of cyber attacks and the need for stronger security measures. With the rise of online threats, Google is taking proactive steps to protect its users by implementing stricter criteria for website certification. This decision will impact a large number of websites that rely on Entrust certification, prompting them to upgrade their security measures to meet Google’s new standards. As a result, users can expect a safer browsing experience with reduced risks of encountering malicious websites and potential cyber threats.
The recent announcement by Google to restrict access to websites certified by Entrust signals a pivotal change in cybersecurity measures for Google Chrome users. In response to the growing prevalence of cyber threats, Google is taking proactive steps to enhance the security of its platform. By imposing stricter criteria for website certification, Google aims to mitigate the risks associated with online browsing and protect users from potential cyber attacks. This decision will have a significant impact on websites relying on Entrust certification, compelling them to bolster their security protocols to align with Google’s updated standards. As a result, users can anticipate a more secure online environment with reduced exposure to malicious websites and cyber threats.
Google’s Decision to Block Websites with Entrust Certificates
Google has made the decision to block websites that use certificates from Entrust in its Chrome browser, starting around November 1, 2024. This decision comes as a result of compliance failures and the certificate authority’s inability to address security issues in a timely manner. Google’s Chrome security team cited a pattern of concerning behaviors by Entrust, which has eroded confidence in their competence, reliability, and integrity as a publicly-trusted certificate authority owner. As a result, Google intends to no longer trust TLS server authentication certificates from Entrust starting with Chrome browser versions 127 and higher by default. However, these settings can be overridden by Chrome users and enterprise customers if they wish to do so.
Google emphasized the privileged and trusted role that certificate authorities play in ensuring encrypted connections between browsers and websites. The lack of progress by Entrust in addressing publicly disclosed incident reports and unrealized improvement commitments poses risks to the internet ecosystem. The blocking action is expected to cover various versions of the Chrome browser, except for Chrome for iOS and iPadOS due to Apple’s policies. Website operators using Entrust certificates are urged to move to a publicly-trusted certificate authority owner to minimize disruption by October 31, 2024. While website operators could delay the impact of the blocking action by choosing to collect and install a new TLS certificate issued from Entrust before November 1, 2024, they will eventually need to collect and install a new TLS certificate from another certificate authority included in the Chrome Root Store.
Impact on Website Operators and Users
With Google’s decision to block websites using certificates from Entrust, website operators are urged to take action to minimize disruption to their users. The blocking action is expected to result in users being greeted by an interstitial message when navigating to a website that serves a certificate issued by Entrust or AffirmTrust, warning them that their connection is not secure and isn’t private. This could lead to a loss of trust and confidence from users, impacting the reputation and credibility of the affected websites.
Affected website operators, including those whose solutions are used by major companies such as Microsoft, Mastercard, VISA, and VMware, are advised to transition to a publicly-trusted certificate authority owner before the blocking action takes effect. While website operators have the option to collect and install a new TLS certificate issued from Entrust before November 1, 2024, they will eventually need to obtain a new TLS certificate from another certificate authority included in the Chrome Root Store. It is important for website operators to communicate these changes to their users and ensure a smooth transition to maintain the security and privacy of their websites.
Google to Block Entrust-Certified Websites: A Cybersecurity Shift
Topic | Description |
---|---|
Issue | Google’s decision to block websites using certificates from Entrust, a popular certificate authority. |
Reason | Concerns about the security of the certificates issued by Entrust and the potential risks they pose to users. |
Impact | Websites using Entrust certificates may be flagged as insecure in Google Chrome, affecting user trust and website traffic. |
Timeline | Google plans to implement the block in a future version of Chrome, with details to be announced. |
RESULT
Google’s decision to block Entrust-certified websites marks a significant shift in cybersecurity measures for Google Chrome. This move reflects Google’s commitment to enhancing user security and trust while addressing potential vulnerabilities associated with certificate authorities.