Chrome 68 Marks HTTP As Not Secure

Categories: posts

Chrome starts to mark old-fashioned HTTP sites as ‘Not Secure’ in the address bar. If you have already updated Chrome to version 68 this week, you would probably be surprise at seeing a huge amount of HTTP sites are not secure overnight.

That’s to let you know that the site you’re visiting is not HTTPS-enabled, and the traffic is being transmitted over the old, less secure HTTP protocol. That means a hacker could spy on the data you’re sending and receiving from the site in question (such as passwords and credit card numbers), and even hijack the connection to run a phishing scam or redirect you to a malware-laden page.

HTTPS sites encrypt the data that’s being transmitted between your device and their servers, so you’re far less vulnerable to such attacks.

Here’s what the new warning looks like in Chrome 68:

Google noted that 83 of the top 100 sites on the web now use HTTPS by default, which is great. But as security researcher Troy Hunt noted, that leaves out some major ones, including Baidu, QQ, and JD.com in China (which are among the top 15), and Twitter’s t.co domain, which it uses to redirect people from its platform to linked pages in tweets.

If you spot a ‘Not secure’ warning while browsing, you’ll want to be careful about entering sensitive information on that site. Hopefully, this move will encourage more webmasters to migrate their sites to HTTPS soon – Google even has a guide on how to do it for free.

See also