HTTP websites to be discouraged in Google Chrome

Not Secure indicator for HTTP websites in Google Chrome

The release of Google Chrome 53 saw the first phase implemented in Google's long-term vision of HTTPS becoming an Internet standard. This comes on the back of a major milestone noted via Chrome browser usage.

More than half of Chrome desktop page loads are now served over HTTPS.

Not Secure treatment for HTTP

For now, Chrome is marking all non-secure sites with an information radial that further explains a website has no encryption. This will go a step further starting in January of 2017 for websites with password or credit card fields.

chrome treatment of HTTP pages as not secure

Eventually, every single website without SSL will have a red warning symbol with "Not Secure" next to it within the Chrome environment.

HTTP websites not secure in Google Chrome

Click the link to hear it straight from Google.

DROWN logo

DROWN Attack – 33% HTTPS servers at risk

DROWN stands for “Decrypting RSA with Obsolete and Weakened eNcryption”

Websites, mail servers, and other TLS-dependent services are all at risk for this kind of attack, including many popular websites. It allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data.

drown attack scenarios

Next Steps For Server Admins

Learn more and check if your servers are affected.