Chrome will mark HTTP connections to websites as non-secure from January 2017

From January 2017, Chrome will indicate connection security with an icon in the address bar labeling HTTP connections to sites as non-secure.

Google continues its effort to make the web a better place by pushing the adoption of encryption, we left the IT giant in May when it announced the decision to switch on default HTTPS for its free domain service provider Blogspot.

Now Google confirmed that starting from January of 2017 its web browser Chrome will begin labeling HTTP sites that transmit passwords or request the user’s sensitive data (i.e. credit card details) as “Non Secure” to encourage the use of encryption.

A couple of years ago, Google also introduced new rules in its search engine algorithm in order to increase the ranking of websites using the HTTPs protocol.

The company plans to release the Chrome 56 version in January 2017 as reported on the Google Security Blog.

“To help users browse the web safely, Chrome indicates connection security with an icon in the address bar. Historically, Chrome has not explicitly labelled HTTP connections as non-secure. Beginning in January 2017 (Chrome 56), we’ll mark HTTP sites that transmit passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.” states the post published by Google.

The use of Unencrypted HTTP connection exposes users to the risk of eavesdropping, an attacker could execute a man-in-the-middle attack to intercept data in transit and manipulate it.

Starting from the Chrome 56 release, Chrome will flag HTTP pages as “Not secure” by using a neutral indicator even in the address bar of incognito mode, where uses expert more privacy.

“In following releases, we will continue to extend HTTP warnings, for example, by labeling HTTP pages as “not secure” in Incognito mode, where users may have higher expectations of privacy. Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.” reads the post.

This summer, Google implemented HTTP Strict Transport Security (HSTS) on the www.google.com domain to protect users and prevent them from navigating using the HTTP protocol.

Google confirmed that more than half of the websites visited by users with its Chrome browser are already encrypted.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Google, HTTP sites)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.