- Cyber Syrup
- Posts
- Google Chrome To Block Sites With Entrust Web Certificates
Google Chrome To Block Sites With Entrust Web Certificates
Google has announced that, starting November 1, 2024, its Chrome browser will block websites using TLS certificates from Entrust
CYBER SYRUP
Delivering the sweetest insights on cybersecurity.
Join the live session: automate compliance & streamline security reviews
Whether you’re starting or scaling your company’s security program, demonstrating top-notch security practices and establishing trust is more important than ever.
Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money — while helping you build customer trust.
And, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center, all powered by Vanta AI.
Google Chrome To Block Sites With Entrust Web Certificates
Understanding TLS Certificates
Transport Layer Security (TLS) certificates are crucial for securing online communications. They encrypt data between users and websites, ensuring that sensitive information like passwords and credit card numbers remains confidential. Certificate authorities (CAs) issue these certificates, verifying the legitimacy of websites.
What Is Happening?
Google has announced that, starting November 1, 2024, its Chrome browser will block websites using TLS certificates from Entrust. This decision follows Entrust's repeated failures to meet compliance standards and address security issues promptly.
Google's Statement
According to Google’s Chrome security team, a series of publicly disclosed incidents revealed behaviors by Entrust that undermine trust in its competence and reliability as a CA. As a result, Google will no longer trust TLS server authentication certificates from Entrust in Chrome versions 127 and higher by default. However, users and enterprise customers can choose to override these settings if needed.
Impact on Devices
The blocking will apply to Chrome on Windows, macOS, ChromeOS, Android, and Linux. However, Chrome on iOS and iPadOS will not be affected due to Apple's policies that restrict the use of the Chrome Root Store.
Why Does This Matter?
CAs like Entrust play a critical role in maintaining secure, encrypted connections on the internet. When a CA fails to respond adequately to security issues, it poses risks to the entire internet ecosystem. Google's action aims to safeguard users from potential vulnerabilities associated with Entrust's certificates.
Who Is at Risk?
Website Operators
Operators of websites using Entrust or AffirmTrust certificates are at risk of having their sites blocked by Chrome, resulting in warnings that the connection is not secure. Major companies like Microsoft, Mastercard, VISA, and VMware, who use Entrust solutions, could be significantly affected.
Users
Users attempting to access affected websites will encounter warnings about insecure connections, which may deter them from proceeding. This can disrupt their online experience and compromise their data security.
How to Protect Yourself
For Website Operators
Switch to a Trusted CA: Move to another publicly-trusted CA before October 31, 2024, to avoid disruptions. Google provides a list of trusted CAs in the Chrome Root Store.
Install New TLS Certificates: Even if operators delay the impact by obtaining a new certificate from Entrust before the deadline, they will ultimately need to switch to a different CA to ensure continued trust in Chrome.
Monitor Updates: Stay informed about further announcements from Google and other browser vendors regarding CA trust decisions.
For Users
Stay Informed: Be aware of the potential security warnings when visiting websites, especially after November 1, 2024.
Check Security Alerts: If you receive a warning about a website's security certificate, consider whether you trust the site before proceeding.
Use Updated Browsers: Ensure your browser is up to date to benefit from the latest security features and protections.
Conclusion
Google's decision to block Entrust certificates in Chrome underscores the importance of maintaining rigorous security standards for CAs. By understanding the implications and taking proactive measures, both website operators and users can protect themselves from potential risks associated with insecure connections.
As the deadline approaches, affected parties must act promptly to ensure their online security and maintain user trust. For a seamless browsing experience, it's crucial to stay informed and prepared for these changes.