Chrome Unboxed – The Latest Chrome OS News

Google Begins Phase One Of Symantec Distrust On Chrome


Earlier this year, developers from the Chromium project announced the roadmap detailing Chrome’s plan to distrust Symantec-issued TLS certificates issued before June 1, 2016. The nearly two-year long blueprint was spawned when a Mozilla Developer forum post revealed some suspicious authentication certificates that were issued by one or more of Symantec’s CA (certification authority) child companies.

Long story short, Symantec was found to be allowing certain organizations to issue their own security certificates by circumventing the required procedures laid out by the CA Industry guidelines. This resulted in the Chrome teams decision to being the long process of distrusting the certificates issued by Symantec and its brand companies.

This week, the first signs of these plans have turned up in the Chromium repositories. The commit is titled as follows:

Implement the first phase of Symantec Distrust

The update spells out the first steps that will be taken when the Symantec distrust actions are put into effect.


The timeline for the update have been etched out in the Google Online Security blog and the first phase is scheduled to begin rolling out to Chrome Beta 66 on or around March 15, 2018. Site administrators will need to replace any Symantec certificates issued prior to June 1, 2016, with new ones trusted by Chrome. Read more about Certificate Transparency here.

The long-term timeline for these updates is slated to come to completion in Septemeber of next year when Chrome Beta 70 is released and all certificates from Symantec’s legacy infrastructure are “not trusted” by Chrome. According to Symantec’s security blog, DigiCert would be acquiring their PKI solutions and be handling updates to certificates beginning December 1, 2017.

Shop Chromebooks On Amazon

Source: Chromium Repository