Chrome now considers all unencrypted websites as "unsecure"



[ad_1]

Google's Chrome browser now lists all unencrypted sites as explicitly "insecure", starting with the current version of Chrome 68. The change also applies to all HTTP sites, which will now display a image "Unsafe" in the address bar. Sites enabled for HTTPS are not affected by the change.

First announced in February, Chrome's design change is the latest move in a multifaceted Google campaign aimed at boosting encryption on the Web. Login sites have posted similar "insecure" warnings since 2016, with alarms progressively increasing for expired certificates. Google has also subtly powered HTTPS-enabled sites into search rankings since 2014, a significant incentive for webmasters to embrace protection.

In a blog post announcing the change, Google has described it as "a milestone for Chrome security." ] A mockup of the new alert, distributed by Google in February

Alongside the product-based nudges, Google has funded important research on the underlying encryption standards at HTTPS, donating server time for demonstrate a SHA-1 collision in February 2017

HTTPS is a form of web encryption that secures the connection between the user and the sites that he visits. Non-encrypted websites and ad networks are vulnerable to malware injection, a common tactic for low-level cybercriminals.

HTTPS certificates and protocols are widely available – and often free – either through content distribution networks like Cloudflare or public service projects like Let's Encrypt. This availability has encouraged greater adoption in recent years. Google's own HTTPS statistics show that 84% of the pages loaded by Google Chrome users are currently encrypted, compared to only 47% in July 2015.

[ad_2]
Source link