Chrome 68 to Flag Potentially Insecure Websites

Posted on July 24, 2018 by Paul Thurrott in Cloud, Google with 4 Comments

Well, it’s finally happening: Starting with its next major release, Google Chrome will flag websites that are not delivered over HTTPS.

Google first announced its plans for this change way in September 2016, when it noted that Chrome didn’t then accurately reflect the lack of security in websites delivered over HTTP.

Since then, Google’s attitude towards insecure website has evolved, however. In October 2017, it announced that it would reverse how website security is identified in Chrome. Now, instead of showing a secure badge for HTTPS sites, it would display nothing; and it would display a “not secure” badge for HTTP sites.

Those changes arrive over the next two Chrome releases. Chrome 68, which Google plans to release today, on July 24, will now flag HTTP sites as “not secure.” And with Chrome 69, due in October, the browser will no longer flag HTTPS as “secure”: Instead, that will be the expectation for websites and only exceptions will be highlighted.

Thanks to Android Police for the reminder.

(Note that Thurrott.com has been delivered over HTTPS since its inception in January 2015. –Paul)

Join the discussion!

BECOME A THURROTT MEMBER:

Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Register
Comments (4)

4 responses to “Chrome 68 to Flag Potentially Insecure Websites”

  1. Stooks

    So dumb. If a website should be secured then the website owner will probably secure. It is perfectly OK to run a website over port 80/non-secure if port 80 meets all of your needs. Not everything needs to be be secure.


    Because of a few issues with Chrome, which has been my companies default browser for 3 years now, we are looking at FireFox. I hope they make the move.

    • spacein_vader

      In reply to Stooks:

      Won't help you, Firefox has been flagging http as insecure (which it is,) for over a year.

      • Stooks

        In reply to spacein_vader:

        Yes but all it does is have the small circle, no text and most users do not even know about it.


        Also FireFox will let you make exceptions for self signed certificates, which you used to be able to do in Chrome. For that reason our IT team moved to FireFox as we have lot's of internal systems that use self signed certificates and having to click through the Chrome BS every time was a pain.


        My other issue with Chrome (besides tracking the FFF out of you) is they moved where you view a certificate to some bizarre developers mode and I have to Google were it is at. All other browsers allow to quickly view a certificate from the URL bar.

  2. chump2010

    I think every website should be secured, regardless of the content otherwise it becomes vulnerable to Man in the Middle Attacks, but hey I don't need to explain that, when Troy Hunt is more than happy to explain it in post after post about HTTPS:


    www.troyhunt.com/im-sorry-you-feel-this-way-natwest-but-https-on-your-landing-page-is-important/


    www.troyhunt.com/heres-why-your-static-website-needs-https/


    www.troyhunt.com/https-adoption-has-reached-the-tipping-point/


Leave a Reply