Chrome 56 to Mark Some HTTP Pages as Insecure

Exterminator

Exterminator

Community Manager
Thread author
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
Chrome 56, set for release in January 2017, will start marking HTTP pages that contain sensitive content such as passwords or payment forms as insecure, Google announced today.

Google's end goal is to mark all HTTP pages with a red icon specific to broken HTTPS connections, but the company plans to do this in several stages.

The first stage, as explained today by Emily Schechter from the Chrome Security Team, starts next January when the browser will start prepending the phrase "Not secure" before the page's URL (see image below).

"In following releases, we will continue to extend HTTP warnings, for example, by labelling HTTP pages as 'not secure' in Incognito mode, where users may have higher expectations of privacy," Schechter explains. "Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS."

Current Chrome versions don't use any kind of indicator to highlight that the user is navigating via an insecure HTTP connection that transfers data in cleartext.

Google: HTTPS usage has gone up
HTTP connections are considered insecure in the eyes of many security experts and companies, but there are a lot of users that don't pay special attention if the site they're navigating uses HTTP or HTTPS.

Google's groundbreaking decision comes to educate users about the dangers of HTTP connections that are susceptible to MitM attacks, among many things.

Data sent through HTTP connections, such as passwords or payment details, can be easily intercepted by a person on the same network.

Google has been pushing for sites to use HTTPS. Mozilla has been doing the same thing, through its Let's Encrypt project that provides free TSL certificates for website owners so they can implement HTTPS for their services.

Google says that according to Chrome telemetry, around half of the web pages loaded in its browser on a daily basis are via HTTPS.
Click to expand...
 
  • Like
Reactions: silversurfer, Der.Reisende, Jack and 9 others
Y

yigido

wZUsRiCYxOJREstx8-OUXejHtKww8cEse5S17TYc3MRGR7ymFjRFP3Ti-78_mWBWuc6rNxP1FFszfPCbtpbckV3hdjt4LpPX-INun5B_9EuNLShSkijqWS8CvkWBjYRUrO7KPSy0


It is great! Writing "Not Secure" before the domain makes people feel "they are not safe while viewing that site"..so this behavior of Chrome will force that websites to use HTTPS.
 
Last edited by a moderator:
  • Like
Reactions: silversurfer, Der.Reisende, Jack and 7 others
_CyberGhosT_

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
A great step forward I agree Sheep, but on pages like the ones you, I , and others have bookmarked,
be honest how often do you look up at that address bar unless your typing or pasting in it ?
I think the average user will be oblivious to this till Chrome starts blocking them outright lol :)
 
  • Like
Reactions: Der.Reisende, Logethica, frogboy and 1 other person
ElectricSheep

ElectricSheep

Level 14
Verified
Top Poster
Well-known
Aug 31, 2014
655
_CyberGhosT_ said:
A great step forward I agree Sheep, but on pages like the ones you, I , and others have bookmarked,
be honest how often do you look up at that address bar unless your typing or pasting in it ?
I think the average user will be oblivious to this till Chrome starts blocking them outright lol :)
Click to expand...

Very good point indeed, ghostly one:) At least we, because we have more awareness, probably check the bar a little more often than the average user, and I'm in the habit of checking what comes up in the bottom left when I hover over hyperlinks.:)

But yes, the average user probably just clicks clicks and clicks through without a thought for what they're doing:eek::eek:
 
Last edited:
  • Like
Reactions: Der.Reisende, Logethica, frogboy and 1 other person
NekoHr

NekoHr

Level 3
Verified
Well-known
Feb 5, 2016
139
ElectricSheep said:
Very good point indeed, ghostly one:) At least we, because we have more awareness, probably check the bar a little more often than the average user, and I'm in the habit of checking what comes up in the bottom left when I hover over hyperlinks.:)

But yes, the average user probably just clicks clicks and clicks through without a thought for what they're doing:eek::eek:
Click to expand...

On the other hand, if all HTTP is marked Not secure than "regular" users will assume all HTTPS (not Not secure) is secure and just click through.

Setup phishing site with HTTPS and profit cause it is secure. ;)
 
  • Like
Reactions: Logethica
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • Wow
    • +Reputation
Hackers modify online stores’ 404 pages to steal credit cards
Replies
0
Views
983
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
CyberTech
    • Like
    • Applause
    • +Reputation
New Update Google Chrome now auto-upgrades to secure connections for all users
Replies
5
Views
871
Chrome & Chromium
dinek
D
Ink
    • Like
    • Applause
    • +Reputation
New Update Chrome to block insecure HTTP downloads
Replies
0
Views
590
Chrome & Chromium
Ink
Ink

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top