Here is what's new with Google Chrome 58 browser security as of April 2017:
- SSL/TLS certificate Common Name (CN) no longer supported
- Encrypted Media Extensions now require HTTP
- Forthcoming update: Notifications will require HTTPS (later this year)
- Homograph Vulnerability Fixed
SSL/TLS certificate Common Name (CN) no longer supported
Google Chrome 58 will no longer support the Common Name field on your SSL/TLS certificates. The Common Name (CN=) field is used to display the domain name for which the certificate is valid and was actually phased-out via RFC almost two decades ago. The fields upon which you can see this information in Google Chrome 58 is the "DN=" or "SANs" fields.
Thus, if you use SSL/TLS certificates that were exclusively using the CN field to indicate the valid domain name, Chrome 58 will no longer support those certificates. Note that this will not affect any certificates issued from Entrust as as we include CN, DN and SANs fields on all of our certificates for maximum compatibility.
An enterprise policy has been added for those who need Common Name support for a while longer.
Encrypted Media Extensions now require HTTPS
As part of Google's plan to incrementally deprecate powerful browser features that may unintentionally create insecurities, Chrome 58 restricts certain features to HTTPS only, with the most recent feature being Encrypted Media Extensions (EME). EMEs will require HTTPS in order to display .
Forthcoming update: Notifications will require HTTPS (later this year)
Similar to the change made to EMEs, later this year the Notifications API - which allows websites to send desktop notifications to Chrome - will also require HTTPS in order to send notifications
Homograph Vulnerability Fixed
Homograph attacks exploit characters which are different but look similar by combining a non-Latin alphabet with a Latin top-level-domain. Some domain registrars allow for the registration of domains using special non-ASCII characters. This makes it possible to register a domain that appears as "apple.com" but was registered a Cyrillic "a" (U+0430) instead of an ASCII "a".
Note that the ability to use non-ASCII characters is used to support the billions of non-native English speakers whose languages use special characters to access the Internet. In order to be able to protect these users (as well as those who could be exposed to a potential homograph attack),Chrome is mitigating this specific type of homograph attack by displaying the domain in its ‘punycode’ form (a method for displaying Unicode with the ASCII character set) when a domain is made entirely of Cyrillic letters and the top-level domain is not an internationalized domain name.
In Chrome 58, the domain would appear as:
Please consult this article for further Chrome 58 security updates.
If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance:
Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: It is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.
|Australia||0011 - 800-3687-7863|
|Austria||00 - 800-3687-7863|
|Belgium||00 - 800-3687-7863|
|Denmark||00 - 800-3687-7863|
|Finland||990 - 800-3687-7863 (Telecom Finland)|
00 - 800-3687-7863 (Finnet)
|France||00 - 800-3687-7863|
|Germany||00 - 800-3687-7863|
|Hong Kong||001 - 800-3687-7863 (Voice)|
002 - 800-3687-7863 (Fax)
|Ireland||00 - 800-3687-7863|
|Israel||014 - 800-3687-7863|
|Italy||00 - 800-3687-7863|
|Japan||001 - 800-3687-7863 (KDD)|
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
|Korea||001 - 800-3687-7863 (Korea Telecom)|
002 - 800-3687-7863 (Dacom)
|Malaysia||00 - 800-3687-7863|
|Netherlands||00 - 800-3687-7863|
|New Zealand||00 - 800-3687-7863|
|Norway||00 - 800-3687-7863|
|Singapore||001 - 800-3687-7863|
|Spain||00 - 800-3687-7863|
|Sweden||00 - 800-3687-7863 (Telia)|
00 - 800-3687-7863 (Tele2)
|Switzerland||00 - 800-3687-7863|
|Taiwan||00 - 800-3687-7863|
|United Kingdom||00 - 800-3687-7863|
0800 121 6078
+44 (0) 118 953 3088