Skip to main content

Google Chrome 58: Browser Security Changes

Summary

What's new with Google Chrome 58 browser security?


User-added image

Here is what's new with Google Chrome 58 browser security as of April 2017:

SSL/TLS certificate Common Name (CN) no longer supported

Google Chrome 58 will no longer support the Common Name field on your SSL/TLS certificates. The Common Name (CN=) field is used to display the domain name for which the certificate is valid and was actually phased-out via RFC almost two decades ago. The fields upon which you can see this information in Google Chrome 58 is the "DN=" or "SANs" fields.

Thus, if you use SSL/TLS certificates that were exclusively using the CN field to indicate the valid domain name, Chrome 58 will no longer support those certificates. Note that this will not affect any certificates issued from Entrust as as we include CN, DN and SANs fields on all of our certificates for maximum compatibility.

An enterprise policy has been added for those who need Common Name support for a while longer.

Encrypted Media Extensions now require HTTPS

As part of Google's plan to incrementally deprecate powerful browser features that may unintentionally create insecurities, Chrome 58 restricts certain features to HTTPS only, with the most recent feature being Encrypted Media Extensions (EME). EMEs will require HTTPS in order to display .

Forthcoming update: Notifications will require HTTPS (later this year)

Similar to the change made to EMEs, later this year the Notifications API - which allows websites to send desktop notifications to Chrome - will also require HTTPS in order to send notifications

Homograph Vulnerability Fixed

Homograph attacks exploit characters which are different but look similar by combining a non-Latin alphabet with a Latin top-level-domain. Some domain registrars allow for the registration of domains using special non-ASCII characters. This makes it possible to register a domain that appears as "apple.com"  but was registered a Cyrillic "a" (U+0430) instead of an ASCII "a".

Note that the ability to use non-ASCII characters is used to support the billions of non-native English speakers whose languages use special characters to access the Internet. In order to be able to protect these users (as well as those who could be exposed to a potential homograph attack),Chrome is mitigating this specific type of homograph attack by displaying the domain in its ‘punycode’ form (a method for displaying Unicode with the ASCII character set) when a domain is made entirely of Cyrillic letters and the top-level domain is not an internationalized domain name.

In Chrome 58, the domain would appear as:
User-added image

Please consult this article for further Chrome 58 security updates.

If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance:

Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: It is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.

Country Number
Australia 0011 - 800-3687-7863
1-800-767-513
Austria 00 - 800-3687-7863
Belgium 00 - 800-3687-7863
Denmark 00 - 800-3687-7863
Finland 990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet)
France 00 - 800-3687-7863
Germany 00 - 800-3687-7863
Hong Kong 001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax)
Ireland 00 - 800-3687-7863
Israel 014 - 800-3687-7863
Italy 00 - 800-3687-7863
Japan 001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
Korea 001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom)
Malaysia 00 - 800-3687-7863
Netherlands 00 - 800-3687-7863
New Zealand 00 - 800-3687-7863
0800-4413101
Norway 00 - 800-3687-7863
Singapore 001 - 800-3687-7863
Spain 00 - 800-3687-7863
Sweden 00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2)
Switzerland 00 - 800-3687-7863
Taiwan 00 - 800-3687-7863
United Kingdom 00 - 800-3687-7863
0800 121 6078
+44 (0) 118 953 3088