Google Chrome is Changing its SSL Security Indicators
New version of Google Chrome will include changes to the visual indicators for SSL/TLS.
When you connect to a website, your web browser shows you a security indicator to tell you about the connection your computer has to that site. When a site is using SSL, all major browsers will display “https://” at the beginning of the URL in the address bar, along with a green padlock icon. These indicators tell you that your connection is private and encrypted, both features enabled by SSL/TLS.
Lately, browsers have been tinkering with these icons as they learn more about how to build more effective security UX. In a new release of Google Chrome, we can get a peek at changes of most security indicators related to SSL.
Depending on what OS you are using, you may already be seeing these changes. For Mac OS, these changes are part of Version 52 of Chrome, which was released one week ago. Windows users will be waiting one more release, until Version 53.
For the most part, these changes are small – mainly stylistic. For sites loading over HTTP (which is not secure), the blank page icon has been replaced with an info icon. For sites with badly misconfigured HTTPS, the padlock-with-red-X has been replaced with an exclamation point inside a red triangle.
The indicator for sites with properly configured SSL is only see stylistic changes. However, for sites using an Extended Validation (EV) SSL certificate, there are bigger changes coming (read on to the next section).
On Windows, we can expect v53 to become the stable version around September of this year. At that point, the general internet audience will see this new UI. If you want to see the changes for yourself today, just make sure you have updated your browser on Mac, or download Chrome Canary for Windows and head over to badssl.com, an excellent website that allows you to test a variety of SSL configurations.
Browsers Change EV SSL UI
Extended Validation (EV) SSL Certificates offer the highest level of validation and confirm the real-world legal organization operating a website. The major web browsers recognize this and have an additional UI element for EV SSL Certificates.
Until recently, this unique UI was the “green address bar” (or “green bar”). That name refers to the green rectangle that surrounded the validated organization name. Of the four major browsers – Chrome, Firefox, Edge, and Safari – only Chrome still has the green bar (see below).
In addition to the other changes to Chrome’s security UI, they will also join the rest of the browsers in replacing the green bar.
In its place, all four browsers prominently display the organization name in green (and most also include the country where the organization is legally registered/incorporated). This change is a result of user studies and a reframing of SSL’s security benefits.
Below you can see screenshots of how EV SSL certificates are treated in the upcoming version of Chrome, and the current versions of Firefox, Edge, and Safari.
On Windows, expect to see all these changes landing in Chrome 53, which should be released around September. Chrome’s security team remains hard at work on their plan to simplify security UX and eventually flip the paradigm by actively showing HTTP as unsecure. We will be here to cover the security indicators and UX of all browsers as they progress.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018in Hashing Out Cyber Security
How to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chromein Everything Encryption
Re-Hashed: How to Fix SSL Connection Errors on Android Phonesin Everything Encryption
Cloud Security: 5 Serious Emerging Cloud Computing Threats to Avoidin ssl certificates
This is what happens when your SSL certificate expiresin Everything Encryption
Re-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Messagein Hashing Out Cyber Security
Report it Right: AMCA got hacked – Not Quest and LabCorpin Hashing Out Cyber Security
Re-Hashed: How to clear HSTS settings in Chrome and Firefoxin Everything Encryption
Re-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithmsin Everything Encryption
The Difference Between Root Certificates and Intermediate Certificatesin Everything Encryption
The difference between Encryption, Hashing and Saltingin Everything Encryption
Re-Hashed: How To Disable Firefox Insecure Password Warningsin Hashing Out Cyber Security
Cipher Suites: Ciphers, Algorithms and Negotiating Security Settingsin Everything Encryption
The Ultimate Hacker Movies List for December 2020in Hashing Out Cyber Security Monthly Digest
Anatomy of a Scam: Work from home for Amazonin Hashing Out Cyber Security
The Top 9 Cyber Security Threats That Will Ruin Your Dayin Hashing Out Cyber Security
How strong is 256-bit Encryption?in Everything Encryption
Re-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3in Everything Encryption
How to View SSL Certificate Details in Chrome 56in Industry Lowdown
PayPal Phishing Certificates Far More Prevalent Than Previously Thoughtin Industry Lowdown