Google S-Day Arrives: Chrome warns about non-HTTPS sites
True to their word, Google today released version 68 of their Chrome Browser and, as promised, they have changed the way they warn users about potential issues with web sites.
In previous versions, Chrome (and Firefox and most other browsers) alerted users to sites that were not using SSL with a red padlock next to the URL, and sites with mixed content displayed an orange padlock.
Starting with version 68, Chrome now uses a stronger warning system. If you haven’t yet converted your site to HTTPS / SSL, now is the time to give it serious consideration. You should also check that your site correctly redirects from HTTP to HTTPS in case anyone enters just the domain name into the browser.
On their Google Chrome Help page, Check if a site’s connection is secure, they preview what this now looks like to users:
Check if a site’s connection is secure
To see whether a website is safe to visit, you can check for security info about the site. Chrome will alert you if you can’t visit the site safely or privately.
- In Chrome, open a page.
- To check a site’s security, to the left of the web address, look at the security status:
- Secure
- Info or Not secure
- Not secure or Dangerous
- To see the site’s details and permissions, select the icon. You’ll see a summary of how private Chrome thinks the connection is.
What each security symbol means
These symbols let you know how safe it is to visit and use a site. They tell you if a site has a security certificate, if Chrome trusts that certificate, and if Chrome has a private connection with a site.
Information you send or get through the site is private.
Even if you see this icon, always be careful when sharing private information. Look at the address bar to make sure you’re on the site you want to visit.
The site isn’t using a private connection. Someone might be able to see or change the information you send or get through this site.
On some sites, you can visit a more secure version of the page:
- Select the address bar.
- Delete
http://
, and enterhttps://
instead.
If that doesn’t work, contact the site owner to ask that they secure the site and your data with HTTPS.
We suggest you don’t enter any private or personal information on this page. If possible, don’t use the site.
Not secure: Proceed with caution. Something is severely wrong with the privacy of this site’s connection. Someone might be able to see the information you send or get through this site.
You might see a “Login not secure” or “Payment not secure” message.
Dangerous: Avoid this site. If you see a full-page red warning screen, the site has been flagged as unsafe by Safe Browsing. Using the site will likely put your private information at risk.
Leave a comment