Google Chrome is dropping support for a key privacy system – but it could be for a good reason

Google has announced that it will cease to trust certificates from Entrust, a prominent certificate authority, starting November 1, 2024.

The change, which will affect Chrome browsers from version 127 onward, stems from what Google describes as Entrust’s prolonged failure to adhere to compliance standards and address security issues.

Google’s decision follows a series of incident reports that have negatively impacted confidence in Entrust’s ability to serve as a reliable certificate authority.

Google will drop Entrust support from November

The Chrome Security Team wrote in a blog post: “Over the past several years, publicly disclosed incident reports highlighted a pattern of concerning behaviors by Entrust that fall short of the above expectations, and has eroded confidence in their competence, reliability, and integrity as a publicly-trusted CA Owner.”

After November 1, TLS server authentication certificates that validate to Entrust or AffirmTrust roots will not be trusted by default. Chrome users will still have the option to manually trust these certificates if they wish to maintain existing functionality, though at an implied risk.

Google isn’t the only company expressing dissatisfaction, with Mozilla also documenting Entrust’s certificate issues several weeks ago.

Website operators using Entrust certificates must transition to a new certificate authority before the November cutoff in order to avoid disruptions.

The Chrome Security Team added: “Over the past six years, we have observed a pattern of compliance failures, unmet improvement commitments, and the absence of tangible, measurable progress in response to publicly disclosed incident reports.”

Google confirmed that the change will come into effect with Chrome 127 on Windows, macOS, ChromeOS, Android, and Linux. However, Apple policies “prevent the Chrome Certificate Verifier and corresponding Chrome Root Store from being used on Chrome for iOS.”

An Entrust spokesperson (via The Register) commented on Google’s decision: “The decision by the Chrome Root Program comes as a disappointment to us as a long-term member of the CA/B Forum community. We are committed to the public TLS certificate business and are working on plans to provide continuity to our customers.”
