Google Chrome warns Chunghwa Telecom of "integrity deficiency": Starting from 8/1, TLS certificate trust will be stopped, and a large number of web pages will become unreadable.

robot
Abstract generation in progress

Google Chrome will stop trusting Chunghwa Telecom and Netlock's new TLS certificates from August 2025, compromising website security, and users may face warnings. (Synopsis: ZachXBT: BitoPro suspected of losing $11.5 million in hacking on May 8) (Background added: Ethereum Pectra upgrades "hacker flip", Wintermute warns: EIP-7702 automates a large number of contract deployments) Google Chrome, the world's largest browser by market share, announced that it will stop default trust by Taiwan's Chunghwa Telecom and Hungary's Netlock as of August 1, 2025 New TLS server validation certificates issued after this date. The decision stemmed from Google's ongoing compliance issues and trust concerns about the two Certificate Authorities (CA), which is expected to impact many websites that adopt their certificates, and users may encounter security alerts when visiting. Trust Crisis and Google's Policy Shift Google noted that this change primarily affects certificates released after August 1, 2025, with the earliest signing certificate timestamp (SCT) later than July 31, 2025 23:59:59 PM UTC. This policy will apply to the Chrome browser on Windows, macOS, ChromeOS, Android and Linux platforms, and Chrome for iOS will not be affected. TLS certificates are key to ensuring encrypted connections between websites and users and securing data transmission. Google said Chunghwa Telecom and Netlock failed to meet strict industry standards. According to the Google Chrome team: "Over the past months and years, we have observed a series of compliance failures, unfulfilled promises of improvement, and a lack of concrete, measurable responses to reports of publicly disclosed incidents. Taken together, these factors make it no longer reasonable to continue to trust the public, given the inherent risks to the Internet from each trusted CA." Certificate authorities must follow specifications such as CA/Browser Forum TLS Baseline Requirements to ensure the security and reliability of encrypted connections. Many web pages in Taiwan are provided with SSL and TLS related certificates by Chunghwa Telecom ePKI Direct impact on users and websites After the implementation of the new policy, if users visit websites using new certificates issued by Chunghwa Telecom or Netlock after July 31, 2025 through Chrome browser, they will see a full-page security warning and will not be directly accessible by default. Website operators can use Chrome Certificate Viewer to check if their websites are affected if the Organization (O) field of the certificate "Issued By" contains "Chunghwa Telecom", "Executive Yuan", "NETLOCK Ltd." or "NETLOCK" Kft.", and the voucher is used or renewed after August 1, 2025. Corporate intranets can override this restriction by installing the corresponding root CA certificate as the native root of trust starting with Chrome 127, but this does not apply to public websites. Google recommends that affected website operators convert to another trusted CA as soon as possible to avoid user impact, and complete the conversion before existing certificates (which expire after July 31, 2025) expire. Alternative options include DigiCert, Let's Encrypt, or Taiwan Network Certification (TWCA). Starting with Chrome 128, developers can simulate the impact of this change using the command-line parameter --test-crs-constraints for early testing. Chunghwa Telecom Strikes Back In response to Google's allegations, Chunghwa Telecom issued a four-point statement on the 2nd, emphasizing that the issued certificates are safe and secure, please rest assured: 1. The certificate management center of the public services operated by Chunghwa Telecom and its entrusted operation fully complies with and complies with the specifications of the Electronic Signature Law, and has passed the external audit and verification of international standards such as WebTrust for CA and ISO 27001, and the digital signatures provided have legal effect, please rest assured that all customers and users. Second, the release of Google Chrome from Chrome version 139 will remove the default trust of the new certificate issued by Chunghwa Telecom after July 31, 2025, because some procedures have not been adjusted within the time limit required by Chrome's new policy, although Chunghwa Telecom has completed all adjustments and fully meets the requirements of Chrome's new policy, unfortunately, Google Chrome still decided to remove the default trust first. The reason for the removal is by no means due to a vulnerability in the credentials or a leak of the private key, and Chunghwa Telecom will still actively strive for Chrome's default trust, which is expected to be completed in March 2026. 3. Chunghwa Telecom said that all certificates issued before July 31, 2025 will not be affected; Certificates issued after July 31, 2025 are only affected when used in the Chrome browser, and are not affected at all when using other browsers such as Microsoft and Apple. 4. Chunghwa Telecom emphasizes that since the certificates issued by Chunghwa Telecom are completely legal and compliant, the customers holding the certificates in government, finance, securities, digital signatures and other applications will maintain normal use without any impact, please rest assured. Industry insiders revealed why Chunghwa Telecom can't cooperate with Google Chrome to complete the new policy adjustment? According to industry insiders who have experienced 10 years of information security, Chunghwa Telecom, as a leading domestic ISP, naturally has certain baggage and difficulties in promoting the new version of the TLS protocol, and the main pressure comes from the update of relevant government administrative orders and regulations and the replacement of certificates by private and government units has not yet been completed. In the past, in order to support the old version of the XP and WIN7 system IE browser for civil servants, and the government-related units have been around many times, and this time Google Chrome for the new version of the certificate has also put pressure on major certificate providers such as Chunghwa Telecom, experts suggest that in order to avoid the private sector after July 31, the relevant website provided by Chunghwa Telecom can not be browsed and used by any public, users who purchased vouchers from Chunghwa Telecom in the past should obtain a new version of the voucher with Chunghwa Telecom as soon as possible and update the webpage. In order to avoid more traffic loss, relevant units should take more relevant actions as soon as possible or even issue administrative regulations and announcements to accelerate the replacement. Related reports Taiwan's new system on the road: accounts frozen "unable to withdraw and transfer" without trading for half a year, users complain about nuisance Taiwan's big brother Lin Zhichen "born as a Taiwanese, died as a Taiwanese ghost" shocked NTU graduates: young people look for the destiny of heaven "Google Chrome warns Chunghwa Telecom "lack of integrity": stop TLS certificate trust from 8/1, a large number of web pages will be unreadable" This article was first published in BlockTempo "Dynamic Trend - The Most Influential Blockchain News Media".

View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Share
Comment
0/400
No comments
Trade Crypto Anywhere Anytime
qrCode
Scan to download Gate app
Community
English
  • 简体中文
  • English
  • Tiếng Việt
  • 繁體中文
  • Español
  • Русский
  • Français (Afrique)
  • Português (Portugal)
  • Bahasa Indonesia
  • 日本語
  • بالعربية
  • Українська
  • Português (Brasil)