The Chrome team and the PKI community converged upon a plan to remove trust in Symantec’s infrastructure in order to uphold users’ security and privacy when browsing the web.
This will take effect in March 2018.
A public posting in January of last year to the mozilla.dev.security.policy newsgroup drew attention to a series of questionable website authentication certificates issued by Symantec Corporation’s PKI. Symantec had also issued numerous certificates that did not comply with the industry-developed CA/Browser Forum Baseline Requirements.
Symantec’s PKI business operates a series of Certificate Authorities under various brand names, including Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL.
Information For Site Operators
Starting with Chrome 66, Chrome will remove trust in Symantec-issued certificates issued prior to June 1, 2016. Chrome 66 is currently scheduled to be released to Chrome Beta users on March 15, 2018 and to Chrome Stable users around April 17, 2018.
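For site operators, a first-pass check of the rule above, written as an added example (not code from Chrome or from this article): it reads the text printed by `openssl x509 -noout -issuer -startdate` and flags certificates whose issuer carries one of the brand names listed earlier and whose start date is before June 1, 2016. The function names and sample certificates are constructed, and matching on the issuer name is an assumption that only approximates the browser's decision, which is made on the certificate chain.

```python
import re
from datetime import datetime, timezone

# Brand names the article lists for Symantec's PKI, plus Symantec itself.
SYMANTEC_BRANDS = ("symantec", "thawte", "verisign", "equifax", "geotrust", "rapidssl")
# Chrome 66 cutoff stated in the article: issued prior to June 1, 2016.
CHROME66_CUTOFF = datetime(2016, 6, 1, tzinfo=timezone.utc)

# Constructed samples of `openssl x509 -noout -issuer -startdate` output
# (issuer names are made up for illustration; both openssl layouts are shown).
SAMPLE_OLD = ("issuer=C = US, O = GeoTrust Inc., CN = GeoTrust Example CA\n"
              "notBefore=Mar 14 00:00:00 2016 GMT\n")
SAMPLE_CUTOFF_DAY = ("issuer= /C=US/O=Symantec Corporation/CN=Symantec Example CA\n"
                     "notBefore=Jun  1 00:00:00 2016 GMT\n")
SAMPLE_OTHER = ("issuer=C = US, O = Example Trust Services, CN = Example CA 1\n"
                "notBefore=Jan  5 12:00:00 2015 GMT\n")


def parse_openssl_summary(text):
    """Return (issuer, not_before) parsed from the openssl summary text."""
    issuer = re.search(r"^issuer\s*=\s*(.+)$", text, re.M)
    start = re.search(r"^notBefore\s*=\s*(.+?)\s+GMT\s*$", text, re.M)
    if not issuer or not start:
        raise ValueError("expected issuer= and notBefore= lines")
    # openssl pads single-digit days with a space ("Jun  1"); collapse it.
    stamp = " ".join(start.group(1).split())
    not_before = datetime.strptime(stamp, "%b %d %H:%M:%S %Y")
    return issuer.group(1).strip(), not_before.replace(tzinfo=timezone.utc)


def check(text):
    """Classify one certificate against the Chrome 66 rule."""
    issuer, not_before = parse_openssl_summary(text)
    if not any(brand in issuer.lower() for brand in SYMANTEC_BRANDS):
        return "other-issuer"
    # "Prior to June 1, 2016": a certificate issued on the cutoff day is not prior.
    if not_before < CHROME66_CUTOFF:
        return "distrusted-in-chrome-66"
    return "symantec-brand-after-cutoff"


if __name__ == "__main__":
    for name, sample in [("old", SAMPLE_OLD), ("cutoff-day", SAMPLE_CUTOFF_DAY),
                         ("other", SAMPLE_OTHER)]:
        print(name, "->", check(sample))
```

The check looks only at the leaf certificate's issuer, so a chain that reaches a Symantec root through a differently named intermediate needs to be reviewed by hand.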
Implications for the Media Buy Side
1. Limited scale on publishers that use Symantec SSL certificates
2. Ads that are being served, but are unable to load
How does it affect Chrome users?
Here is a sample of a local bank payment gateway: https://dbsd2pay.dbs.com/
Once the certificate is distrusted, users will be prevented from loading these resources. In other words, users can’t pay with the bank’s card for anything on Chrome until the SSL certificate has been changed.
For more detailed information, visit the Google Security Blog.