Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Mike Moore

Chrome is ditching its browser security warning - and replacing it with something worse

Chrome

A major change is coming to the address bar in Google Chrome after the company revealed it is set to remove one of the most important safety features.

The browser will soon be dropping its lock icon, shown in the address bar to signify whether a website is secure or not, as part of a broader redesign move.

In its place, a rather confusing and unclear version of Google's "tune" icon will replace the lock, signalling to users that it can be clicked on and modified.

Google Chrome lock icon

In a blog post announcing the change, set to come in with Chrome 117 in September 2023, Google says that the move has been planned for some time, and reflects the changing state of the internet as a whole.

It notes that HTTPS websites, generally regarded as being secure, are now widely used, which was not the case as recently as 2013, when only 14% of the Alexa Top 1M sites supported HTTPS only. Now that figure is over 95% (for Chrome page loads in Windows), Google says the time is right to "re-evaluate" how it flags secure systems to Chrome users.

It added that the lock icon isn't going away completely, as it will still be present in the Chrome 'tune' submenu when website connections are secure.

(Image credit: Google)

​"When HTTPS was rare, the lock icon drew attention to the additional protections provided by HTTPS," the company said. "Today, this is no longer true, and HTTPS is the norm, not the exception, and we've been evolving Chrome accordingly."

However, Google also warns that cybercriminals often use landing pages for phishing attacks that show the lock icon, fooling victims into thinking the websites are safe.

"Despite our best efforts, our research in 2021 showed that only 11% of study participants correctly understood the precise meaning of the lock icon. This misunderstanding is not harmless — nearly all phishing sites use HTTPS, and therefore also display the lock icon," Google said.

"Misunderstandings are so pervasive that many organizations, including the FBI, publish explicit guidance that the lock icon is not an indicator of website safety."

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.