Google Chrome is dropping support for a key privacy system - but it could be for a good reason

Chrome 127 will stop trusting Entrust by default

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Googlehas announced that it will cease to trust certifications from Entrust, a prominent certificate authority, starting November 1, 2024.

The change, which will affect Chromebrowsersfrom version 127 onward, stems from what Google describes as Entrust’s prolonged failure to adhere to compliance standards and address security issues.

Google’s decision follows a series of incident reports that have negatively impacted confidence in Entrust’s ability to serve as a reliable certificate authority.

Google will drop Entrust support from November

The Chrome Security Team wrote in ablog post: “Over the past several years, publicly disclosed incident reports highlighted a pattern of concerning behaviors by Entrust that fall short of the above expectations, and has eroded confidence in their competence, reliability, and integrity as a publicly-trusted CA Owner.”

Post-November 1, TLS server authentication certificates validated to Entrust or AffirmTrust roots will not be trusted by default, however Chrome users will still have the option to manually trust these certificates if they wish to maintain existing functionalities, though at an implied risk.

Google isn’t the only company expressing dissatisfaction, with Mozilla also documenting Entrust’s certificate issues several weeks ago.

Website operators using Entrust certificates must transition to a new certificate authority before the November cutoff in order to avoid disruptions.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The Chrome Security Team added: “Over the past six years, we have observed a pattern of compliance failures, unmet improvement commitments, and the absence of tangible, measurable progress in response to publicly disclosed incident reports.”

Google confirmed that the change will come into effect with Chrome 127 on Windows, macOS, ChromeOS, Android, and Linux, howeverApplepolicies “prevent the Chrome Certificate Verifier and corresponding Chrome Root Store from being used on Chrome for iOS.”

An Entrust spokesperson (viaThe Register) commented on Google’s decision: “The decision by the Chrome Root Program comes as a disappointment to us as a long-term member of the CA/B Forum community. We are committed to the public TLS certificate business and are working on plans to provide continuity to our customers.”

More from TechRadar Pro

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

Wales vs Fiji live stream: how to watch 2024 rugby union Autumn International online from anywhere