Chrome is ditching its browser security warning - and replacing it with something worse
Google drops HTTPS lock icon from Chrome in favor of something much more unclear
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
A major change is coming to the address bar inGoogle Chromeafter the company revealed it is set to remove one of the most important safety features.
Thebrowserwill soon be dropping its lock icon, shown in the address bar to signify whether a website is secure or not, as part of a broader redesign move.
In its place, a rather confusing and unclear version ofGoogle’s “tune” icon will replace the lock, signalling to users that it can be clicked on and modified.
Google Chrome lock icon
In ablog postannouncing the change, set to come in with Chrome 117 in September 2023, Google says that the move has been planned for some time, and reflects the changing state of the internet as a whole.
It notes that HTTPS websites, generally regarded as being secure, are now widely used, which was not the case as recently as 2013, when only 14% of the Alexa Top 1M sites supported HTTPS only. Now that figure is over 95% (for Chrome page loads in Windows), Google says the time is right to “re-evaluate” how it flags secure systems to Chrome users.
It added that the lock icon isn’t going away completely, as it will still be present in the Chrome ‘tune’ submenu when website connections are secure.
"When HTTPS was rare, the lock icon drew attention to the additional protections provided by HTTPS," the company said. “Today, this is no longer true, and HTTPS is the norm, not the exception, and we’ve been evolving Chrome accordingly.”
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
These are the best privacy tools and anonymous browsers>The browser wars just took another twist in the battle to topple Google Chrome>Google Chrome releases security fix for this major flaw, so update now
However, Google also warns that cybercriminals often use landing pages for phishing attacks that show the lock icon, fooling victims into thinking the websites are safe.
“Despite our best efforts, our research in 2021 showed that only 11% of study participants correctly understood the precise meaning of the lock icon. This misunderstanding is not harmless — nearly all phishing sites use HTTPS, and therefore also display the lock icon,” Google said.
“Misunderstandings are so pervasive that many organizations, including the FBI, publish explicit guidance that the lock icon is not an indicator of website safety.”
Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK’s leading national newspapers and fellow Future title ITProPortal, and when he’s not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.
This new phishing strategy utilizes GitHub comments to distribute malware
Should your VPN always be on?
Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
