Skip to main content

Chrome will soon mark unencrypted sites with a big, red X

chrome on ios reading list browser mobile ipad search
Google is going to start pointing out when web pages that aren’t encrypted as part of its aggressive and on-going campaign to improve browser security.

Almost the entire Web is built on HTTP, or the Hypertext Transfer Protocol. It’s basically the language that browsers and web pages speak to each other. HTTP is great for a lot of reasons, and its wide adoption is a boon for compatibility, but it’s inherently insecure.

In fact, it’s remarkably easy to intercept traffic to and from unsecured HTTP servers, which is why HTTPS was introduced. As the secure version of HTTP, HTTPS encrypts data sent to and from users, protecting it with an SSL certificate. SSL as a security layer is basically unbreakable, although there are rumors the NSA and British Surveillance have their own methods, and security certificates are sometimes improperly issued, a problem that put Google in conflict with Symantec last year.

Chrome distinguishes HTTP from HTTPS pages using an icon to the left of the URL, where the favicon (for example, the tiny Digital Trends logo on this tab) changes based on the security settings of the current page. A standard, un-encrypted site is marked by a white page icon, while a secure site is marked with a green padlock. If a page claims it’s secure, but Chrome spots issues with its implementation, the padlock will be marked with a red X. Clicking the icon in any case will bring up more info on the site.

Soon, sites that are unencrypted will be marked with a padlock and X icon, just like the poorly secured sites. The idea was actually proposed as part of an addition to the Chromium project, but now it appears it will be implemented in the standard version of Chrome as well. It was shown off as a feature during a presentation at the Usenix Enigma security conference.

When this change will make its way into the public version of the browser remains to be seen. It can be enabled in an advanced settings tab by navigating to “chrome://flags” and selecting “mark non-secure origins as non-secure,” a setting that’s simultaneously self-explanatory and confusing.

The move might seem extreme to some, but it’s important to protect your data everywhere on the Internet, not just on sites with passwords or sensitive information. The move towards a completely secure Web is one that everyone is going to benefit from, and if any company can make it happen, it’s Google.

Editors' Recommendations

Brad Bourque
Former Digital Trends Contributor
Brad Bourque is a native Portlander, devout nerd, and craft beer enthusiast. He studied creative writing at Willamette…
Google Chrome tops this list of most vulnerable browsers
Google Chrome logo appears over photo of laptop with chart of vulnerabilities.

According to a recent report, Google Chrome is the most vulnerability-ridden browser of all the major players. Chrome also happens to be the most popular browser in the world, accounting for over 60% of usage according to most sources, which means that a larger number of people are at risk until the bugs are fixed.

Every browser suffers from these security weaknesses from time to time, including the increasingly popular Apple Safari, Microsoft Edge, and Mozilla Firefox, but Chrome has had a startlingly high number of weaknesses in 2022. The vulnerability report from Atlas VPN summarized data found in the VulDB vulnerability database. In this year alone, 303 vulnerabilities have been detected in Google Chrome. Firefox came in a distant second with 117, while 103 were found in Edge, and only 26 in Safari.

Read more
Spellcheckers in Google Chrome could expose your passwords
Office computer with login asking for password and username.

If you like to be thorough and use an advanced spellchecker, we have some bad news -- your personal information could be in danger.

Using the extended spellcheck in Google Chrome and Microsoft Edge transmits everything you input in order for it to be checked. Unfortunately, this includes information that should be strictly encrypted, such as passwords.

Read more
Here’s why you need to update your Google Chrome right now
Google Chrome opened on a laptop.

Google has just released a new version of Chrome, and it's crucial that you get your browser updated as soon as possible.

The patch was deployed to fix a major zero-day security flaw that could potentially pose a risk to your device. The latest update is now available for Windows, Mac, and Linux -- here's how to make sure your browser is safe.

Read more