Chrome shows sites with minor security issues as totally insecure

Updated ·2 min read

Google has just launched Chrome 46, and there's a significant change in how it notifies you about web security. If you're on an HTTPS site that's 100 percent secure, you'll still see a green lock icon, and broken sites show a red "X" symbol, as before. However, when you hit a protected site with minor issues, you'll see absolutely no symbol, as if you were on a regular, unencrypted HTTP site (below). That's a big change from Chrome 45, when Google showed a lock symbol with a yellow triangle on such "mixed" sites.

Google said it made the change to give Chrome users "fewer security states to learn. We've come to understand that our yellow 'caution triangle' badge can be confusing compared to the HTTP page icon." In other words, users might feel that a protected HTTPS site with minor errors is less secure than an HTTP site with no security, which is obviously not the case.

More importantly, Google said that "this change is a better visual indication of the security state of the page relative to HTTP." The search giant's theory is that the lack of any warning won't discourage folks from browsing sites that are in the middle of migrating to HTTPS encryption. That in turn will encourage sites, it hopes, to make the switch, knowing they won't turn users off during the transition.

In a separate post, Google said that number of HTTPS sites significantly increased, with 63 percent now secure compared to 58 percent last year. It plans to eventually reduce the number of states to two, either "secure," or "not secure." It likely won't do that until the internet reaches a certain threshold of HTTPS sites, however. In other words, if you're the webmaster of an insecure HTTP site, you may want to get ahead of that before you get a big, red "X."