Given Chrome has more than one billion users, this change to Chrome is likely to pressure website operators to at least consider enabling site-wide HTTPS.
Chrome will also call out companies that aren’t doing the basics of protecting sensitive user information by collecting information on an unencrypted connection.
Until now, Chrome only showed a neutral grey indicator on an HTTP page, which Google’s Chrome security team thinks doesn’t accurately represent the total lack of security HTTP offers.
For example, if you’re on a Wi-Fi hotspot, a third-party on that network can tamper with the contents of an HTTP page. HTTPS on the other hand can mitigate the threat of man-in-the-middle attacks, or surveillance techniques.
With this update, Google also paid out $53,837 to security researchers in its bug bounty program for Chrome. Google fixed a total of 51 security bugs in earlier versions of Chrome.
If you visit Google or any of its other pages and click the padlock icon to reveal and view the certificate, it will state the certificate was issued by Google Internet Authority G2 or GIAG2, rather than, say, another large CA, such as Symantec or GoDaddy. It’s not clear whether Google will provide CA services to third-party sites.
As one commenter on Hacker News pointed out, this move gives Google one more key piece of the internet’s infrastructure: “You can now have a website secured by a certificate issued by a Google CA, hosted on Google web infrastructure, with a domain registered using Google Domains, resolved using Google Public DNS, going over Google Fiber, in Google Chrome on a Google Chromebook. Google has officially vertically integrated the internet.”