Friday , March 14 2025
entrust

Google Blocking Entrust Certificates in Chrome in November 2024

Starting November 1, 2024, Google will block websites that use certificates from Entrust. Google made this decision because Entrust has not been able to handle security issues promptly and has not complied with their requirements.

“Over the past several years, publicly disclosed incident reports highlighted a pattern of concerning behaviors by Entrust that fall short of the above expectations, and has eroded confidence in their competence, reliability, and integrity as a publicly-trusted [certificate authority] owner,” Google’s Chrome security team said.

CVE-2024-55591 and CVE-2025-24472
New SuperBlack ransomware exploits Fortinet flaws

Forescout Research- Vedere Labs identified a series of intrusion based on two Fortinet vulnerabilities which began with the exploitation of...
Read More
CVE-2024-55591 and CVE-2025-24472  New SuperBlack ransomware exploits Fortinet flaws

CVE-2025-25291 & CVE-2025-25292
Attention! GitLab Patched Critical Authentication Bypass Flaws

GitLab has released versions 17.9.2, 17.8.5, and 17.7.7 for its Community and Enterprise Editions to fix security vulnerabilities, including a...
Read More
CVE-2025-25291 & CVE-2025-25292  Attention! GitLab Patched Critical Authentication Bypass Flaws

CVE-2025-20138
Cisco released High Security Alert for IOS XR Software

Cisco has issued a security advisory for a high-severity vulnerability in its IOS XR Software, labeled CVE-2025-20138, with a CVSS...
Read More
CVE-2025-20138  Cisco released High Security Alert for IOS XR Software

400+ IPs Exploiting Multiple SSRF Vulnerabilities

GreyNoise warns of a coordinated increase in the exploitation of Server-Side Request Forgery (SSRF) vulnerabilities across various platforms. "At least...
Read More
400+ IPs Exploiting Multiple SSRF Vulnerabilities

NVIDIA has released update for NVIDIA Riva

NVIDIA has released a software update for Riva to fix security vulnerabilities that could allow privilege escalation, data tampering, denial...
Read More
NVIDIA has released update for NVIDIA Riva

CVE-2025-24201
Apple fixes 0-day exploited in “extremely sophisticated attack”

On Tuesday, Apple fixed a critical zero-day vulnerability affecting nearly all supported iPhones and iPads. The company noted that it...
Read More
CVE-2025-24201  Apple fixes 0-day exploited in “extremely sophisticated attack”

Microsoft’s March 2025 updates fix 7 zero-day, 57 flaws

Microsoft's March 2025 Patch Tuesday update fixes 57 flaws, including seven zero-day exploits, six of which are actively being exploited....
Read More
Microsoft’s March 2025 updates fix 7 zero-day, 57 flaws

Ballista Botnet infects 6000 Unpatched TP-Link Routers

Cato CRTL team said, a new botnet campaign dubbed Ballista target the unpatched TP-Link Archer routers. CVE-2023-1389 is a serious...
Read More
Ballista Botnet infects 6000 Unpatched TP-Link Routers

CVE-2025-24813
Flaw in Apache Tomcat Exposes Servers to RCE

A critical vulnerability, CVE-2025-24813, has been found in Apache Tomcat, which could let attackers execute remote code, leak sensitive data,...
Read More
CVE-2025-24813  Flaw in Apache Tomcat Exposes Servers to RCE

CISA Adds 3 Ivanti Endpoint Manager Bugs to KEV

CISA included three vulnerabilities in Ivanti Endpoint Manager—CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161—in its Known Exploited Vulnerabilities catalog. Federal agencies must address...
Read More
CISA Adds 3 Ivanti Endpoint Manager Bugs to KEV

The tech giant announced that it will no longer trust TLS server authentication certificates from Entrust in Chrome browser versions 127 and higher by default. However, Chrome users and enterprise customers can override these settings if they want to.
Google stated that certificate authorities have an important role in ensuring secure connections between browsers and websites. They also criticized Entrust for not providing incident reports and failing to meet improvement commitments, which puts the internet at risk.

Blocking will occur on Windows, macOS, ChromeOS, Android, and Linux. However, Chrome for iOS and iPadOSThe blocking action will affect Windows, macOS, ChromeOS, Android, and Linux versions of the browser. However, Chrome for iOS and iPadOS will not be affected because of Apple’s policies that prevent the use of the Chrome Root Store.

Users visiting a website with a certificate from Entrust or AffirmTrust will see a warning message about their connection not being secure or private.

Website operators need to switch to a trusted certificate authority by October 31, 2024 to avoid problems. Entrust’s website says that their solutions are trusted by big companies like Microsoft, Mastercard, VISA, and VMware.

“While website operators could delay the impact of blocking action by choosing to collect and install a new TLS certificate issued from Entrust before Chrome’s blocking action begins on November 1, 2024, website operators will inevitably need to collect and install a new TLS certificate from one of the many other CAs included in the Chrome Root Store,” Google said.

Check Also

CYFIRMA

FinStealer Malware Targets Indian Bank’s Mobile Users, Stealing Credentials

CYFIRMA analysis reveals a sophisticated malware campaign that exploits a major Indian bank’s brand through …

Leave a Reply

Your email address will not be published. Required fields are marked *