InfoSecBulletin Cybersecurity for mankind
Starting November 1, 2024, Google will block websites that use certificates from Entrust. Google made this decision because Entrust has not been able to handle security issues promptly and has not complied with their requirements.
“Over the past several years, publicly disclosed incident reports highlighted a pattern of concerning behaviors by Entrust that fall short of the above expectations, and has eroded confidence in their competence, reliability, and integrity as a publicly-trusted [certificate authority] owner,” Google’s Chrome security team said.
AMD Patches CPU Vulnerability
Hackers To Use HTTP Client Tools To Compromise Microsoft 365 Accounts
Google patches 47 Android flaws, Including Actively Exploited CVE-2024-53104
CVE-2025-21415
Microsoft Patches Critical Azure AI Face Service Vulnerability
Daily Security Update Dated:4.02.2025
768 Exploited CVEs in 2024, a 20% Increase from 639 in 2023
.Gov Domains Weaponized in Phishing Surge
RedSentry presents
Hacked 101 Seminar Successfully Ended at UITS
US scientists claim to replicate DeepSeek for $30 dubbed “TinyZero,”
ChatGPT, DeepSeek, Qwen 2.5-VL Vulnerable to AI Jailbreaks
The tech giant announced that it will no longer trust TLS server authentication certificates from Entrust in Chrome browser versions 127 and higher by default. However, Chrome users and enterprise customers can override these settings if they want to.
Google stated that certificate authorities have an important role in ensuring secure connections between browsers and websites. They also criticized Entrust for not providing incident reports and failing to meet improvement commitments, which puts the internet at risk.
Blocking will occur on Windows, macOS, ChromeOS, Android, and Linux. However, Chrome for iOS and iPadOSThe blocking action will affect Windows, macOS, ChromeOS, Android, and Linux versions of the browser. However, Chrome for iOS and iPadOS will not be affected because of Apple’s policies that prevent the use of the Chrome Root Store.
Users visiting a website with a certificate from Entrust or AffirmTrust will see a warning message about their connection not being secure or private.
Website operators need to switch to a trusted certificate authority by October 31, 2024 to avoid problems. Entrust’s website says that their solutions are trusted by big companies like Microsoft, Mastercard, VISA, and VMware.
“While website operators could delay the impact of blocking action by choosing to collect and install a new TLS certificate issued from Entrust before Chrome’s blocking action begins on November 1, 2024, website operators will inevitably need to collect and install a new TLS certificate from one of the many other CAs included in the Chrome Root Store,” Google said.
