Skip to main content

Google is cracking down on internet security in this big way

Connection is not private warning from Google.
Google

Google is making some serious changes to digital certificate security on the web, the company announced on its Security blog. The big news is that Google will no longer trust certificates from two large security firms — Entrust or AffirmTrust — due to repeated security lapses.

According to Google, the companies, which are Certificate Authorities (CA), have demonstrated patterns of unmet improvement commitments, compliance failures, and no measurable progress in how fast the company responds to publicly disclosed incident reports.

Recommended Videos

Digital certificates are an online file that authenticates and secures the data of a site, and they’re frequently the target of hackers. Exploiting a vulnerable digital certificate can be a huge deal for online security, hence why Google’s taking the measure so seriously.

As a result of Google’s decision, Chrome users will see warnings about untrusted connections as early as October 31, 2024. According to Entrust, however, certificates issued before then will remain valid and trusted by Google.

Users will see this warning regarding TLS server authentication certificates when they update to Chrome 127+ and the ERR_CERT_AUTHORITY_INVALID error when they access this type of site. Sites that use Entrust include merrilledge.com, moneygram.com, and ey.com.

You can always check if a connection is secure by clicking the “Tune” icon in Chrome on the left of the address bar > Connection is secure > Certificate is valid. Website owners can rest easy if the organization field under the “Issued By” heading doesn’t list Entrust or AffirmTrust.

Valid certificate on Digital Trends.
Judy Sanhz / Digital Trends

Google is advising website owners to move to a new publicly trusted CA Owner as soon as possible before the deadline. It is also likely that this may set a precedent for future actions by the tech giant regarding other Google products.

However, it’s worth noting that Enterprise customers will have the option of continuing to trust Entrust if that is what they choose to do.

This isn’t the first time Google has warned companies to clean up their act. In 2015, they also gave Symantec an ultimatum concerning unauthorized HTTPS certificates that employees had been issuing. Despite the news of sites being tagged unreliable, there are ways you can dramatically increase security in Google Chrome, such as by encrypting your passwords.

Judy Sanhz
Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.
This new Google Chrome security warning is very important
The Google Chrome logo on a black phone which is resting on a red book

Google is changing how it warns its users about suspicious files on Chrome by adding new full-page warnings and cloud scanning regarding suspicious downloads, according to Windows Report. This is an attempt to explain more precisely why it blocks specific downloads. Google says that the AI models will divide the warning into two categories: "suspicious" or "dangerous."

The new warning system primarily benefits those using the anti-phishing Enhanced protection feature. The files users upload to the cloud for an automatic scan and those that undergo a deep scan are 50 times more likely to have the AI flag them as malware.

Read more
Google just gave up on its proposed makeover of the internet
Google Chrome browser running on Android Automotive in a car.

Google announced on Monday that it will pull the brakes on phasing out the use of third-party cookies on its Chrome browser because of concerns from regulators, competitors, and privacy advocates, the tech giant said in a Privacy Sandbox post. Instead, Google will be going in a different direction that will let users choose how they interact with third-party cookies.

Blocking third-party cookies would have presented a hurdle for remarketing, which lets companies serve you ads based on your previous activity around the web.

Read more
It’s time to add one more service to the Google graveyard
A woman using a HP Chromebook laptop while sitting at a bright green table with a cup of coffee, all in front of a colorful background.

Google is killing yet another service: the Google URL Shortener. As Dare Obasanjo comments on X, any links using the goo.gl shorter will break after August 25, 2025.

When Google offers a service, millions of people use it and it becomes embedded in every corner of the internet -- and then when Google kills a service, countless things break, and it causes a whole lot of inconvenience for a whole lot of people.

Read more