A look at Google Chrome’s New Security Update for 2017

As the threat of internet security breaches is all too common, web browser manufacturers and developers alike are constantly working to make the Internet a safer place.

One of the most likely targets of a security attack is any site or business that collects passwords, credit card numbers or other financial information. In an effort to make browsing the web more secure, Google Chrome recently announced that as of January 2017, HTTP pages that collect this type of sensitive data will be marked as non-secure, in an effort to encourage the administrators of these sites to move to the secure HTTPS protocol.

Whenever you use Gmail, or sign in to Facebook, or send money via PayPal, there is a layer of encryption that protects submitted information from being viewed or intercepted from a potential attacker. This layer of encryption is known as Hypertext Transfer Protocol Secure, or HTTPS for short.

While Chrome has long indicated the status of a web connection’s security via a small icon in the address bar, it has not always explicitly indicated HTTP connections as unsecured. The initial step in this new move towards better security will be to mark HTTP sites collecting sensitive data as non-secure, but the long-term goal is to mark all HTTP connections as non-secure (whether or not they collect private information).

Example of connection secured by HTTPS:

Google Chrome Security Update for 2017

Google Chrome's New Security Update for 2017

Example of connection not secured by HTTPS:

Google Chrome Security Update for 2017

Google Chrome Security Update for 2017

The above “i” indicator for HTTP connections is considered a “neutral indicator”. As this is considered a neutral connection, it doesn’t accurately impart the real lack of security that exists for sites visited with HTTP. With any HTTP connection, a potential attacker can view or edit the page you are viewing before you do (potentially adding in malicious content, or stealing your data).

Much progress has been made in converting a large segment of web traffic from HTTP to HTTPS, and this amount is constantly growing. As of recently, more than 50% of all sites loaded on the Chrome desktop browser are now being served via HTTPS.

Another less mentioned benefit of HTTPS is its faster loading times over HTTP. To see a real-world example of this, check out HTTP vs HTTPS Test, which benchmarks HTTPS at up to 80%+ faster than HTTP.

It’s a no-brainer for smaller sites to implement HTTPS, but the difficulty in transitioning to HTTPS connections grows the larger, more complex the site is. The more elaborate a site is, the more there is to consider, such as whether or not third-party content or advertisements are offered via HTTPS, or if your content delivery network charges more for using the secure protocol.

While the move toward widespread HTTPS use is a huge step forward for internet security, it’s important to point out that HTTPS isn’t fail-proof. Hackers have attempted (and in some instances have been successful), in obtaining certificates for some of the most widely used websites on the Internet. Possession of these certificates would allow a hacker to impersonate the legitimate site, therefore obtaining a user’s confidential info.

Wikipedia entry on HTTPS

Companies and Organizations offering free SSL Encryption:

Let’s Encrypt

CloudFlare

Comodo

Other resources:

HTTPS Everywhere is a simple web browser extension that will force a secure HTTPS connection whenever available. The extension is available for Chrome, Firefox, Opera and Android.

Resources

Post a Comment

Comments are moderated. Your email is kept private. Required fields are marked *

© 2018 Sunlight Media LLC - Web Design Company