Unsecured HTTP pages will now be flagged by Chrome as secure HTTPS becomes the norm.
Google Chrome browser version 68 will now signpost unencrypted sites with a “Not secure” notice in the URL bar to alert users to their connection status, Google has announced.
The update comes as part of Google’s pledge to push secure HTTPS pages across the browser while simultaneously removing the “Secure” notification alongside them to help normalise their presence. By not flagging secure pages, Google can then more clearly highlight when an unencrypted page is displayed. Chrome won’t notify you every time you visit a standard HTTP page, but it will if it believes it to be a critical one, such as online banking or a site that’s set up to collect personal information from you.
Google Chrome will remove the “Secure” marker from pages starting this September, with the arrival of “Not secure” warnings rolling out from October.
If you’re wondering why it’s taken just so long for Google to start marking up pages as “Not secure”, Google’s argument is that, until recently, there have just been too many unencrypted pages out there to flagpost them all. Over time, that balance has switched, and it’s now a more straightforward process.
To signify a secure page, Chrome currently displays a little lock icon and the word “Secure” next to the start of a URL. It also highlights the HTTPS section of a URL to showcase that it is, indeed secure. On non-secure pages you’ll simply see a “Not secure” notification that then flashes to red with an alert triangle once you start entering any personal information into a form.
Chrome’s push towards a secure web has certainly had an impact already, with many websites making the shift over to the new standard. However, it’s not quite clear if these changes will have quite the same impact on how people actually use the web. As Kaspersky Lab principal security researcher David Emm explained in a comment on the shift to HTTPS, it’s always about greater peace of mind.
“Without HTTPS, data is vulnerable to interception as it travels across the website – which of course presents a very good opportunity for cybercriminals to gather and manipulate it,” explains Emm. “The fact that a web browser flags the fact that HTTPS is not implemented is a good thing for consumers. It’s a signal that they should adopt an air of caution when using them – specifically when required to enter confidential details. However, you should ensure that they choose unique, hard-to-guess passwords for all sites that require you to share sensitive information.”