On or around October 16, 2018, the new Chrome 70 will arrive. if you currently have Chrome installed, it will automatically update.
Core to the new Chrome is an upgrade to security. Specifically, Chrome will no longer trust HTTPS certificates issues by Symantec prior to June 2016. This includes Thawte, VeriSign, Equifax, GeoTrust and RapidSSL certificates. Security researcher Scott Helme found 1,139 sites in the top one million sites ranked by Alexa, including Citrus, SSRN, the Federal Bank of India, Pantone, the Tel-Aviv city government, Squatty Potty and Penn State Federal to name just a few.
HTTPS certificates encrypt the data between your computer and the website or app you’re using, making it near-impossible for anyone — even on your public Wi-Fi hotspot — to intercept your data. Not only that, HTTPS certificates prove the integrity of the site you’re visiting by ensuring the pages haven’t been modified in some way by an attacker. Most websites obtain their HTTPS certificates from a certificate authority, which abide by certain rules and procedures that over time become trusted by web browsers. If you screw that up and lose their trust, the browsers can pull the plug on all of the certificates from that authority. For these reasons, Google stopped supporting Symantec certificates last year after it was found to be issuing misleading and wrong certificates, as well as allowing non-trusted organizations to issue certificates without the proper oversight.
WILL THIS BE AN ISSUE FOR YOU?
Before the new Chrome arrives, check out the sites of importance to you. For example, if you use www.pantone.com:
- Visit this site in Chrome.
- Click the Lock icon in the address bar.
- From the drop-down menu, select Certificate.
- In the bottom text field, look for the Issued by: text. If issued by Thawte, VeriSign, Equifax, GeoTrust, RapidSSL, or Symantec prior to June 2016, you will have problems accessing the site using Chrome 70.
WHAT TO DO
If an important site hasn’t updated it’s HTTPS certificate after Chrome 70 installs, you should still be able to access the site using other browsers (unless they take the same security stance as Google–none have so stated). Quality alternative browsers include Brave, Edge, Firefox, and Safari.