Chrome 68 to Flag Potentially Insecure Websites
- Paul Thurrott
- Jul 24, 2018
-
4
Well, it’s finally happening: Starting with its next major release, Google Chrome will flag websites that are not delivered over HTTPS.
Google first announced its plans for this change way in September 2016, when it noted that Chrome didn’t then accurately reflect the lack of security in websites delivered over HTTP.
Windows Intelligence In Your Inbox
Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!
"*" indicates required fields
Since then, Google’s attitude towards insecure website has evolved, however. In October 2017, it announced that it would reverse how website security is identified in Chrome. Now, instead of showing a secure badge for HTTPS sites, it would display nothing; and it would display a “not secure” badge for HTTP sites.
Those changes arrive over the next two Chrome releases. Chrome 68, which Google plans to release today, on July 24, will now flag HTTP sites as “not secure.” And with Chrome 69, due in October, the browser will no longer flag HTTPS as “secure”: Instead, that will be the expectation for websites and only exceptions will be highlighted.
Thanks to Android Police for the reminder.
(Note that Thurrott.com has been delivered over HTTPS since its inception in January 2015. –Paul)
Conversation 4 comments
-
Stooks
<p>So dumb. If a website should be secured then the website owner will probably secure. It is perfectly OK to run a website over port 80/non-secure if port 80 meets all of your needs. Not everything needs to be be secure.</p><p><br></p><p>Because of a few issues with Chrome, which has been my companies default browser for 3 years now, we are looking at FireFox. I hope they make the move.</p>
-
Stooks
<blockquote><em><a href="#295048">In reply to spacein_vader:</a></em></blockquote><p>Yes but all it does is have the small circle, no text and most users do not even know about it.</p><p><br></p><p>Also FireFox will let you make exceptions for self signed certificates, which you used to be able to do in Chrome. For that reason our IT team moved to FireFox as we have lot's of internal systems that use self signed certificates and having to click through the Chrome BS every time was a pain.</p><p><br></p><p>My other issue with Chrome (besides tracking the FFF out of you) is they moved where you view a certificate to some bizarre developers mode and I have to Google were it is at. All other browsers allow to quickly view a certificate from the URL bar.</p>
-
chump2010
<p>I think every website should be secured, regardless of the content otherwise it becomes vulnerable to Man in the Middle Attacks, but hey I don't need to explain that, when Troy Hunt is more than happy to explain it in post after post about HTTPS:</p><p><br></p><p>www.troyhunt.com/im-sorry-you-feel-this-way-natwest-but-https-on-your-landing-page-is-important/</p><p><br></p><p>www.troyhunt.com/heres-why-your-static-website-needs-https/</p><p><br></p><p>www.troyhunt.com/https-adoption-has-reached-the-tipping-point/</p><p><br></p>