Google is no longer satisfied with the fight against websites that have not yet switched to the secure HTTPS protocol. It also plans to block those whose certificates have been provided by Symantec. A first wave, released before June 2016, was banned at Chrome 66. The second wave concerns certificates issued before December 2017.
This also applies to certification authorities operating under the Symantec banner, such as VeriSign, Equifax, GeoTrust, and RapdiSSL certificates. The cut-off will take place on 16 October when Chrome 70 will be introduced, although Google has already announced its intentions in advance, some sites are still not compliant. To do this, the relevant certificates must be deleted and replaced.
Techcrunch quotes security expert Scott Helme, who has 1139 sites in the Top One Million Alexa. For example, this concerns certain addresses of Castorama, the bus company Eurolines, the casino of Evian, the Federal Bank of India or the official website of the city of Tel Aviv. In practice, it will no longer be possible to access it, as the user will be confronted with a security error message when visiting his address.
Symantec has lost the trust of Google and Firefox
Google accuses Symantec of issuing false and misleading certificates. In particular, Google found that the latter had authorized unreliable companies to issue certificates.
HTTPS certificates encrypt data between your computer and the website or application you use, making it virtually impossible to intercept your data, even on public WLAN. In addition, they prove the integrity of the Website you visit by ensuring that the pages have not been altered by an intruder. Most Web sites obtain their HTTPS certificates from a certification authority that adheres to certain rules and procedures that are approved by Web browsers over time. After losing Google’s trust, Google puts it on the Chrome Bench.
Google is not the only one to sanction this company. Mozilla did the same with Firefox by implementing multiple waves of certificate denials.