InfoSecBulletin Cybersecurity for mankind
Starting November 1, 2024, Google will block websites that use certificates from Entrust. Google made this decision because Entrust has not been able to handle security issues promptly and has not complied with their requirements.
“Over the past several years, publicly disclosed incident reports highlighted a pattern of concerning behaviors by Entrust that fall short of the above expectations, and has eroded confidence in their competence, reliability, and integrity as a publicly-trusted [certificate authority] owner,” Google’s Chrome security team said.
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed
ALERT
Thousands of IP addresses compromised nationwide: CIRT warn
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks
Critical RCE Flaw Patched in Roundcube Webmail
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
The tech giant announced that it will no longer trust TLS server authentication certificates from Entrust in Chrome browser versions 127 and higher by default. However, Chrome users and enterprise customers can override these settings if they want to.
Google stated that certificate authorities have an important role in ensuring secure connections between browsers and websites. They also criticized Entrust for not providing incident reports and failing to meet improvement commitments, which puts the internet at risk.
Blocking will occur on Windows, macOS, ChromeOS, Android, and Linux. However, Chrome for iOS and iPadOSThe blocking action will affect Windows, macOS, ChromeOS, Android, and Linux versions of the browser. However, Chrome for iOS and iPadOS will not be affected because of Apple’s policies that prevent the use of the Chrome Root Store.
Users visiting a website with a certificate from Entrust or AffirmTrust will see a warning message about their connection not being secure or private.
Website operators need to switch to a trusted certificate authority by October 31, 2024 to avoid problems. Entrust’s website says that their solutions are trusted by big companies like Microsoft, Mastercard, VISA, and VMware.
“While website operators could delay the impact of blocking action by choosing to collect and install a new TLS certificate issued from Entrust before Chrome’s blocking action begins on November 1, 2024, website operators will inevitably need to collect and install a new TLS certificate from one of the many other CAs included in the Chrome Root Store,” Google said.
