Google Chrome 62 is here, the Not Secure warning? Not so much
Google’s new insecure forms warning for HTTPS sites is still in testing.
Many internet users viewed Chrome 62 as the deadline to install an SSL certificate on your website if you had any forms. After all, Google had advertised its Not Secure warning as arriving in this version on its own security blog. But Chrome 62 is out and the Not Secure warning is no where to be found.
So what gives?
Google Chrome isn’t a traditional piece of software. Here’s how Eric Lawrence describes it on his blog TextSlashPlain:
What isn’t mentioned in the blog post is exactly how this feature will roll out– many readers naturally assume that it’s as simple as: “If you have Chrome 62, then this feature is present.” After all, that’s how software usually works.
In Chrome, things are more interesting. Where possible, Chrome rolls out new features dynamically using the Field Trials platform. You can think of Field Trials as a set of server-controlled flags that allow Google to change Chrome’s behavior dynamically, at runtime, without shipping a new version.
Lawrence goes on to explain the Field Trials are used for two things:
- Experimentation
- Rollouts
Google’s Insecure Fields warning is still in field testing
When Google tests a new feature it creates small test groups and compares telemetries against a control group. If the feature performs well, it’s considered for rollout in Chrome stable. Traditionally Chrome performs these tests on its developmental browsers (Canary, Dev & Beta).
Where things get tricky is the rollout itself. Even with substantial testing, it’s still possible to miss flaws and bugs. By field testing, it allows Google to roll out to a substantial portion of its users, but still a small percentage of the total. Then Google can calibrate everything in Stable to ensure the rollout goes smoothly before ramping up the percentage for a complete release.
If anything goes terribly wrong, the field testing also lets Google tamp things down quickly.
As for the Not Secure/Insecure Forms warning, it will be here soon.
Rest assured that I’m eager to push the new Not Secure warnings to 100% and I expect to get to do so very soon. If you just can’t wait, you can override the field trial and turn it on yourself by changing chrome://flags/#mark-non-secure-as and restarting Chrome.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018
in Hashing Out Cyber SecurityHow to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chrome
in Everything EncryptionRe-Hashed: How to Fix SSL Connection Errors on Android Phones
in Everything EncryptionCloud Security: 5 Serious Emerging Cloud Computing Threats to Avoid
in ssl certificatesThis is what happens when your SSL certificate expires
in Everything EncryptionRe-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message
in Hashing Out Cyber SecurityReport it Right: AMCA got hacked – Not Quest and LabCorp
in Hashing Out Cyber SecurityRe-Hashed: How to clear HSTS settings in Chrome and Firefox
in Everything EncryptionRe-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithms
in Everything EncryptionThe Difference Between Root Certificates and Intermediate Certificates
in Everything EncryptionThe difference between Encryption, Hashing and Salting
in Everything EncryptionRe-Hashed: How To Disable Firefox Insecure Password Warnings
in Hashing Out Cyber SecurityCipher Suites: Ciphers, Algorithms and Negotiating Security Settings
in Everything EncryptionThe Ultimate Hacker Movies List for December 2020
in Hashing Out Cyber Security Monthly DigestAnatomy of a Scam: Work from home for Amazon
in Hashing Out Cyber SecurityThe Top 9 Cyber Security Threats That Will Ruin Your Day
in Hashing Out Cyber SecurityHow strong is 256-bit Encryption?
in Everything EncryptionRe-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3
in Everything EncryptionHow to View SSL Certificate Details in Chrome 56
in Industry LowdownPayPal Phishing Certificates Far More Prevalent Than Previously Thought
in Industry Lowdown