Security News > 2023 > May > Google Chrome will lose the “lock” icon for HTTPS-secured sites
In September 2023, Google Chrome will stop showing the lock icon when a site loads over HTTPS, partly due to the now ubiquitous use of the protocol.
"We redesigned the lock icon in 2016 after our research showed that many users misunderstood what the icon conveyed. Despite our best efforts, our research in 2021 showed that only 11% of study participants correctly understood the precise meaning of the lock icon," the team explained.
"This misunderstanding is not harmless - nearly all phishing sites use HTTPS, and therefore also display the lock icon. Misunderstandings are so pervasive that many organizations, including the FBI, publish explicit guidance that the lock icon is not an indicator of website safety."
The new "Tune" icon is more clickable, they feel, and it will open website controls that will now include the lock icon as the entry point for information about connection security.
The icon change will also be introduced in Chrome for Android at the same time.
"On iOS, the lock icon is not tappable, so we will be removing it entirely. On all platforms, we will continue to mark plaintext HTTP as insecure," the team concluded.
News URL
https://www.helpnetsecurity.com/2023/05/03/google-chrome-https/
Related news
- Google Chrome gets real-time phishing protection later this month (source)
- Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks (source)
- Google Chrome Adds V8 Sandbox - A New Defense Against Browser Attacks (source)
- Google Chrome: Security and UI Tips You Need to Know (source)
- Google Chrome's new post-quantum cryptography may break TLS connections (source)
- Tor’s new WebTunnel bridges mimic HTTPS traffic to evade censorship (source)
- Google Introduces Enhanced Real-Time URL Protection for Chrome Users (source)
- Google fixes Chrome zero-days exploited at Pwn2Own 2024 (source)
- Google agrees to delete Chrome browsing data of 136 million users (source)
- Google fixes one more Chrome zero-day exploited at Pwn2Own (source)