
Google gets more aggressive in alerting users when web pages are not secure

In some cases, online security is a balance between users making good choices and systems providing the required information. Phishing attempts, for example, where fake sites grab private information by masquerading as official sites, only succeed because users are fooled into thinking they’re on legitimate pages.

One way to combat phishing is to use encryption, which verifies that a site is actually what it claims to be. One way to avoid becoming a victim of phishing, therefore, is to only enter private and sensitive information, like credit card and social security numbers, on encrypted sites. Google has been slowly implementing features in Chrome to make it clear when users aren’t on encrypted pages, and it’s getting even more aggressive in its efforts to help users stay safe.

While anyone can tell if a page is secured just by looking for the “https” prefix in the address bar, Chrome recently started explicitly marking HTTP pages as “Not secure” whenever they include password or credit card fields. Starting in October 2017, Google will cause Chrome to show “Not secure” in more situations, specifically when users enter any data on an HTTP page and when visiting any HTTP page in Incognito mode.


As the company puts it, “Passwords and credit cards are not the only types of data that should be private. Any type of data that users type into websites should not be accessible to others on the network, so starting in version 62 Chrome will show the ‘Not secure’ warning when users type data into HTTP sites.” Chrome 62 is due in October 2017, hence the timeline for implementing the more aggressive policies.

In addition, Chrome’s Incognito mode represents a particularly troublesome situation because it can cause people to confuse local privacy with data that’s entered on pages and submitted to sites. Incognito mode makes it harder to get on a user’s local machine and grab their data after a browsing session, but it does nothing to protect data once it’s sent from the browser to the internet. Therefore, Chrome will mark all HTTP pages as “Not secure” to ensure that users are reminded of those facts.
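For site owners who want to know which pages the two policies described above would flag, here is a small audit sketch. It is an added example, not code from Google or from this article; the set of "typed" input types, the `autocomplete="cc-..."` heuristic for card fields, and the `example.test` URLs are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: these <input> types count as "data users type" (no buttons or checkboxes).
TYPED = {"text", "email", "search", "tel", "url", "number", "password"}

class FieldScanner(HTMLParser):
    """Collects the data-entry fields found in a page's HTML."""
    def __init__(self):
        super().__init__()
        self.sensitive = []  # password and credit card fields
        self.typed = []      # every field a user can type into

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        name = a.get("name") or a.get("id") or tag
        if tag == "textarea":
            self.typed.append(name)
        elif tag == "input":
            kind = (a.get("type") or "text").lower()
            if kind in TYPED:
                self.typed.append(name)
            # Assumption: card fields are recognised by autocomplete="cc-...".
            if kind == "password" or a.get("autocomplete", "").lower().startswith("cc-"):
                self.sensitive.append(name)

def audit(url, html, incognito=False):
    """Report which of the two policies would label the page "Not secure"."""
    scanner = FieldScanner()
    scanner.feed(html)
    scanner.close()
    is_http = urlparse(url).scheme == "http"
    return {
        # Existing rule: HTTP page that includes password or credit card fields.
        "password_or_card_rule": is_http and bool(scanner.sensitive),
        # Chrome 62 rule: any HTTP page in Incognito, or one where users can type data
        # (the label appears once the user actually types).
        "chrome62_rule": is_http and (incognito or bool(scanner.typed or scanner.sensitive)),
        "typed_fields": scanner.typed,
    }

# Constructed sample page: a search box and a newsletter sign-up, no login form.
SAMPLE = """
<form action="/search"><input type="search" name="q"></form>
<form action="/subscribe"><input name="Email"><input type="submit" value="Go"></form>
"""

if __name__ == "__main__":
    for url in ("http://example.test/", "https://example.test/"):
        print(url, audit(url, SAMPLE))
```

The sample page passes the older password-or-card rule but is caught by the Chrome 62 rule when served over HTTP, which is the gap the article describes.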

Google’s end game is to mark all HTTP pages in all browsing modes as “Not secure.” As the company points out, HTTPS is less expensive and less of a hassle to implement than ever before, and the sooner all sites switch over to HTTPS, the better for everyone. Perhaps by pointing out more sites as insecure, Google can essentially shame a few more sites into making the transition — along with providing the information users need to take their own steps in becoming more secure in their browsing practices.

Mark Coppock
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…