Google Gives Websites Until November to Change Over Trust Issues

Penka Hristovska Senior Editor
Published on: July 2, 2024

Google announced that starting around Nov. 1, 2024, its Chrome browser will begin blocking websites using certificates from Entrust. The company says this decision follows Entrust’s compliance failures and its inability to promptly address security issues.

Entrust is one of the numerous certificate authorities (CAs) Chrome relies on to verify the trustworthiness of websites visited by end users, and it’s one of the most-used ones worldwide. Entrust’s customers include major entities such as Chase Bank, Dell, Ernst & Young, Mastercard, and Merrill Lynch, as well as various governments around the world.

“Over the past several years, publicly disclosed incident reports highlighted a pattern of concerning behaviors by Entrust that fall short of the above expectations, and has eroded confidence in their competence, reliability, and integrity as a publicly-trusted [certificate authority] owner,” Google’s Chrome security team said.

Consequently, the tech giant announced that starting with Chrome browser versions 127 and higher, it will no longer trust TLS server authentication certificates issued by Entrust by default. Users navigating to a website with a certificate issued by Entrust or AffirmTrust will encounter an interstitial message warning them that their connection is not secure and private.

After the change, Google users can manually trust these roots to maintain current functionality. Enterprise customers will also have the option to override the constraints starting in Chrome 127 if they wish to use Entrust’s certificates within their internal networks.

The blocking will apply to the Windows, macOS, ChromeOS, Android, and Linux versions of the browser. Chrome for iOS and iPadOS will be exempt due to Apple’s policies that prevent the use of the Chrome Root Store.

The move follows a May report by Mozilla, which detailed numerous issues with Entrust’s certificates between March and May this year. In response to the report and the harsh feedback from the Mozilla community, Entrust acknowledged “unnecessary” failures “based on our own mistakes or misjudgments” and said “this input is reflected in our plans.”

About the Author

Penka Hristovska is an editor at SafetyDetectives. She was an editor at several review sites that covered all things technology — including VPNs and password managers — and had previously written on various topics, from online security and gaming to computer hardware. She’s highly interested in the latest developments in the cybersecurity space and enjoys learning about new trends in the tech sector. When she’s not in “research mode,” she’s probably re-watching Lord of The Rings or playing DOTA 2 with her friends.
