As of September 2018, Google plans to strengthen the Web security on its Chrome browser by removing the Secure URL label. This Chrome Secure URL label is known for helping users identify whether the websites they are currently visiting are safe.
The official announcement was posted on Google Chrome's official blog by its Security Product Manager, Emily Schechter. According to her statement, they will deploy this update with their launch of Google Chrome’s version 69 scheduled to be released in September 2018. This version will not have the green "Secure" text and padlock icon that usually appears in the URL bar of the Chrome browser for those websites that have the HTTPS classification.
Google’s decision to remove the green secure box for HTTPS websites is based on the fact that initially the practice of providing the green “secure” label was when HTTPS sites were a minority. Considering that presently is not true, Google will now switch to labeling HTTP websites as unsecured.
According to Emily Schechter’s statement, they will rely on user knowledge about the safety of websites, hoping that internet users would recognize dangerous sites and chose not to visit them.
Emily Schechter also posted a graphic image of chrome version 69 showing the eventual treatment of HTTPS websites on her official post.
What is HTTPS And its Role in Website Security
HTTP stands for Hypertext Transfer Protocol. The 'S' at the end of HTTPS stands for "Secure." If sites do not have HTTPS label, it means that users' data could be compromised.
When making an online purchase or submitting your sensitive information like the credit card details on a website, there are two big things to think about. The first is whether the connection from your computer to the company's computer is secure. All of the personal data traveling from one computer to another needs to be secure so that criminals cannot access the information en route.
There are two ways to tell whether a site is secure. The first is simply verifying whether the address bar has either an HTTP or HTTPS. That missing ‘S’ is essential as it stands for the word ‘Secure’. Secondly you can visually check for the padlock icon on the browser. If you see HTTPS and a padlock, the connection is encrypted and secure.
But what about the company behind the website?
How do you know it's not a criminal with a secure connection?
Well, a new web security system makes this simple to identify, modern web browsers display color and company names in the address bar that help you know that the site is trustworthy.
Websites that do not have HTTPS label will need an SSL certificate to be able to be marked as safe by Chrome. The SSL functions as secure encryption by securing the interaction between the web server and user.
Websites that do not have an HTTPS label will need an SSL certificate to be identified as a secure site by Chrome. The SSL certificate encrypts the communication between both parties, thus providing a secure interaction between the web server and user.
SSL certificates are issued to websites by unbiased companies called Certificate Authorities. These reviewers:
If the site passes the tests, the Certificate Authority issues an EV SSL certificate, and only sites with these certificates display color in the address bar including their company name and address.
If you see the color green, it means the site is safe but if it is red then it is recommended that you do not access that unsecured site. This process of website security checks prevents criminals from obtaining the SSL certificates to display the Green color information (Secure) on the browser's address bar. So, when you see a website with green information in the address bar, you can be sure that it is legitimate and secured.
Chrome Will Mark The HTTP Web sites As "Not Secure" From July 2018
Although the Chrome 69 update, providing removal of the “Secure” label for HTTPS websites is scheduled for September; the Chrome 70 update providing the “Not Secure” label for HTTP sites is scheduled for October 2018. Therefore, as of July 2018, Chrome will label all the HTTPS websites as "Not secure." That means that a user’s chrome browser visiting a non-HTTPS website will see a "Not secure" label with a red warning icon in the URL status bar.
Furthermore, with the Chrome 70, users visiting a HTTPS website (which doesn't have SSL certification) will view a "Not secure" label along with a red warning icon in the URL status bar of the Chrome browser. Emily noted that this process would mark an end of Google Chrome positive security features.
After Chrome version 70, Google's calendar has no specific dates for future announcements regarding web browser security. According to Emily's statement, Google hasn't set a target date for the final state of web browser security yet. The ultimate goal of Google is to mark all HTTP sites as affirmatively non-secure as well as all HTTPS sites which lack SSL certificates. Ultimately, although this may provide some visibility into the actual security state of a site, it is important to understand that the lack of even basic cyber security knowledge combined with the unwarranted assumption that whatever you’re doing is secure is the root of much evil online.