The problem with Google Chrome security warnings: it blocks perfectly good websites.
I understand it’s early days (May 2018) but it is still presenting warnings on it’s own web sites, so what chance do non-Google websites stand?
Here is the offending message when I attempted to visit: https://www.google.com/recaptcha/admin
Your connection is not private
Attackers might be trying to steal your information from www.google.com (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID
Automatically send some system information and page content to Google to help detect dangerous apps and sites. Privacy policy
www.google.com normally uses encryption to protect your information. When Google Chrome tried to connect to www.google.com this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be www.google.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.
You cannot visit www.google.com right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.
Get help with a specific error message
- “Your connection is not private,” “ERR_CERT_SYMANTEC_LEGACY,”
- “NET::ERR_CERT_AUTHORITY_INVALID,” “ERR_CERT_COMMON_NAME_INVALID,”
- “NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM,”
- “ERR_CERTIFICATE_TRANSPARENCY_REQUIRED,”
- “SSL certificate error”
If the error mentions SHA-1 or Symantec, ask the site owner to update the site’s certificate. Learn more about why SHA-1 and Symantec-issued certificates are not supported.
If the error mentions HSTS, privacy certificates, or invalid names, try the steps below:
Step 1: Sign in to the portal
Wi-Fi networks at places like cafes or airports need you to sign in. To see the sign-in page, visit a page that uses http://.
Go to any website starting with http://, like http://example.com.
On the sign-in page that opens, sign in to use the internet.
Step 2: Open the page in Incognito mode (computer only)
Open the page you were visiting in an Incognito window.
If the page opens, a Chrome extension isn’t working right. To fix the error, turn off the extension. Learn how to turn off Chrome extensions.
Step 3: Update your operating system
Make sure your device is up-to-date on Windows, Mac, or another operating system.
Step 4: Temporarily turn off your antivirus*
You’ll see this error if you have antivirus software that provides “HTTPS protection” or “HTTPS scanning.” The antivirus is preventing Chrome from providing security.
To fix the problem, turn off your antivirus software. If the page works after turning off the software, turn off this software when you use secure sites.
Remember to turn your antivirus program back on when you’re done.
Step 5: Get extra help
If you still see the error, contact the website owner. You can also get more help on the Chrome Help Forum.
Concern
Is Google second guessing it’s own detection service?
The address is clearly https, so why go down the HSTS path? Is Google aware of flaws in https?
*Are we kidding Google: seriously, turn off antivirus software to access a potentially insecure page?
Final word: I believe we should be given the final say: after being warned, we should be presented with a link to the offending website with a clear message saying “You have been warned”. I say this because the example above did not include a link. I was unable to visit the page until 2 days later when the message mysteriously vanished.
Help is on the way
- Check if a site’s connection is secure – Google Chrome Help
Leave a Reply
You must be logged in to post a comment.