Return to blog

Chrome Security Warnings

September 18, 2017

New Version of Chrome, Now with Perpetual Security Warnings!

Will visitors of your website see a security warning because of the newest version of Chrome? Chances are, yes. But it may not be as jarring as it sounds, and it’s relatively simple to resolve.

Back in August, we started receiving interesting email notifications in our Google webmaster accounts from ‘the Google’ itself. We make it a point to review these notices regularly on behalf of our website management clients. In August, Google was notifying webmasters that the forthcoming Chrome update would include a feature to warn users if a web form is not protected using SSL/HTTPS encryption. This seems like a reasonable feature. But it will affect the users of most websites (certainly the majority of websites within our clients’ industries).

Details and What to Expect

The next version of Chrome, version 62 scheduled for release in October, will begin displaying a Security Warning when you’re on a web page with a form and that website does not use security encryption.

The kind folks over at Google have provided some additional details in a post on the Google Security Blog. This includes a sample screenshot to help better illustrate what the warning will look like:

And here’s a nifty little animated GIF to better understand exactly how/when the warning will be triggered:

Your Website and Chrome 62, a Checklist

To better understand if this will affect you and your website, here is a quick checklist. Chrome will display a security warning on your website if both of the following are true:

  1. Your website does not use SSL/HTTPS
  2. You’re website has any forms on any of it’s pages.

It is important to note that even if your site does not have SSL implemented, the warning will only appear on those web pages with forms. However, most professional websites have a form on at least one web page (typically the Contact page). And many sites now include a form in the recurring elements of every page, such as a search box in the header or a newsletter sign-up form in the header or the footer.

To confirm if your website is currently using SSL, you can simply navigate to your website in a browser and then look at how your domain name is displayed in the URL bar. If the URL includes an “S” after “http” then you’re good! Take a look at the screenshot below to see how our web address is displayed and note the “s” in httpS://www.eisolutions.com.

Chrome 62 and Its Impact on Your Website

It’s hard to say what kind of impact this will have to your website or your business in general. For most organizations that are not currently using SSL, the real risk is perception. (Of course, this assumes your website is not currently using forms to capture sensitive information. If it is, please stop reading this article and instead start working on an SSL implementation plan).

To help better understand the potential impact, here are some relevant statistics:

First, this is limited to Chrome users (for now). But Chrome is currently the dominant browser, commanding nearly 60% of the desktop market according to this report in Net Market Share.

The timing of any impact is tough to predict. It will be isolated to only the release of Chrome 62. However, the number of users that have acquiesced to auto-updates seems to be climbing. As a consequence, the adoption rate of the most current, stable browser is accelerating in general. This means that Chrome 62 could easily go from 0% to nearly 60% in less than a month. Callin’ me crazy?! Well, waaay back in 2012 (an eternity in tech years) Google once bragged that its adoption rate of the then newest Chrome version was 85% in less than one week. Though it’s hard to find current and universally accepted stats on adoption rates today, it’s safe to assume its somewhere close to, if not faster than, it was in 2012.

Chrome 62 and You (…and Everyone Else)

The toughest part about trying to predict the potential impact is the fact that it will impact almost every website immediately, as most websites do not yet employ SSL but do have at least one form on one of its pages. So, it’s a safe assumption that this security warning will seem fairly pervasive to Chrome users at first, affecting many of the websites they visit.

What To Do Now?

If you’re like most organizations, you have a website which does not use SSL but does use web forms – so this update has the potential to affect you. Will this security warning have a negative impact on the perception of your organization? Probably. But it’s tough to anticipate the significance of that impact.

The Risk

If most websites in your industry are affected the same way, then the net affect in terms of perception may be negligible at first. But as more sites in your industry adopt SSL, that security warning you once considered invisible in a sea of identical warnings could begin to draw unwanted attention and call into question your commitment to your customers’ security.

The Opportunity

To look at it another way – will you benefit by standing out in your industry with better security? Most likely, yes. How will it look to customers when your website is one of only a few that does not  display the security warning? To your customers, it will demonstrate your organization had the foresight and commitment to deploy the necessary security well ahead of everyone else in your industry.

Conclusion

Is it necessary to run out and immediately deploy SSL for your site? It’s probably not immediately necessary. But it’s ultimately inevitable if you plan on continuing to use web forms. Also, it’s one of the rare examples in the tech world where it will likely serve those best who act first.

If you are a client and you would like to consider implementing SSL in the near future, please give us a call or email us.

 

 

Return to blog