Google Chrome to Revoke Trust in Two Certificate Authorities Due to Compliance and Conduct Issues
TL;DR
Google is set to revoke trust in digital certificates issued by Chunghwa Telecom and Netlock due to compliance and conduct issues observed over the past year. The changes will be implemented in Chrome 139, scheduled for release in early August 2025. This move impacts all Transport Layer Security (TLS) certificates issued by these authorities.
Google Chrome to Revoke Trust in Two Certificate Authorities Due to Compliance and Conduct Issues
Google has announced that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock. This decision comes after observing patterns of concerning behavior from these Certificate Authorities (CAs) over the past year. The changes are expected to be introduced in Chrome 139, which is scheduled for public release in early August 2025. The current major version of Chrome is 137.
Impact on Transport Layer Security (TLS) Certificates
The upcoming update will affect all Transport Layer Security (TLS) certificates issued by Chunghwa Telecom and Netlock. TLS certificates are crucial for securing data transmitted over the internet, ensuring that communications between users and servers remain confidential and tamper-evident. By revoking trust in these certificates, Google aims to enhance the overall security and integrity of web communications.
Reasons Behind the Decision
Google cited several reasons for this decision, including:
- Compliance Issues: Both Chunghwa Telecom and Netlock have failed to meet the required compliance standards set by Google and the broader cybersecurity community.
- Conduct Concerns: Patterns of concerning behavior observed over the past year have raised significant security concerns. These issues undermine the trust and reliability of the certificates issued by these authorities.
Timeline and Implementation
The changes will be implemented in Chrome 139, which is scheduled for release in early August 2025. This update will ensure that all TLS certificates issued by Chunghwa Telecom and Netlock are no longer trusted by the Chrome browser. Users and website administrators are advised to prepare for this change by obtaining certificates from trusted and compliant CAs.
Conclusion
Google’s decision to revoke trust in certificates issued by Chunghwa Telecom and Netlock underscores the importance of compliance and ethical conduct in the cybersecurity landscape. This move is part of Google’s ongoing efforts to enhance the security and integrity of web communications. Users and administrators should stay informed and take necessary actions to ensure a smooth transition to trusted certificates.
Additional Resources
For further insights, check: