Security Blog
The latest news and insights from Google on security and safety on the Internet
Improved Digital Certificate Security
18. september 2015
Posted by Stephan Somogyi, Security & Privacy PM, and Adam Eijdenberg, Certificate Transparency PM
On September 14, around 19:20 GMT, Symantec’s Thawte-branded CA issued an Extended Validation (EV) pre-certificate for the domains
google.com
and
www.google.com
. This pre-certificate was neither requested nor authorized by Google.
We discovered this issuance via
Certificate Transparency
logs, which Chrome has required for EV certificates starting January 1st of this year. The issuance of this pre-certificate was recorded in both Google-operated and DigiCert-operated logs.
During our ongoing discussions with Symantec we determined that the issuance occurred during a Symantec-internal testing process.
We have updated Chrome’s revocation metadata to include the public key of the misissued certificate. Additionally, the issued pre-certificate was valid only for one day.
Our primary consideration in these situations is always the security and privacy of our users; we currently do not have reason to believe they were at risk.
Ingen kommentarer :
Send en kommentar
Etiketter
#sharethemicincyber
#supplychain #security #opensource
android
android security
android tr
app security
big data
biometrics
blackhat
C++
chrome
chrome enterprise
chrome security
connected devices
CTF
diversity
encryption
federated learning
fuzzing
Gboard
google play
google play protect
hacking
interoperability
iot security
kubernetes
linux kernel
memory safety
Open Source
pha family highlights
pixel
privacy
private compute core
Rowhammer
rust
Security
security rewards program
sigstore
spyware
supply chain
targeted spyware
tensor
Titan M2
VDP
vulnerabilities
workshop
Archive
2025
jan.
2024
dec.
nov.
okt.
sep.
aug.
jul.
jun.
maj
apr.
mar.
feb.
jan.
2023
dec.
nov.
okt.
sep.
aug.
jul.
jun.
maj
apr.
mar.
feb.
jan.
2022
dec.
nov.
okt.
sep.
aug.
jul.
jun.
maj
apr.
mar.
feb.
jan.
2021
dec.
nov.
okt.
sep.
aug.
jul.
jun.
maj
apr.
mar.
feb.
jan.
2020
dec.
nov.
okt.
sep.
aug.
jul.
jun.
maj
apr.
mar.
feb.
jan.
2019
dec.
nov.
okt.
sep.
aug.
jul.
jun.
maj
apr.
mar.
feb.
jan.
2018
dec.
nov.
okt.
sep.
aug.
jul.
jun.
maj
apr.
mar.
feb.
jan.
2017
dec.
nov.
okt.
sep.
jul.
jun.
maj
apr.
mar.
feb.
jan.
2016
dec.
nov.
okt.
sep.
aug.
jul.
jun.
maj
apr.
mar.
feb.
jan.
2015
dec.
nov.
okt.
sep.
aug.
jul.
jun.
maj
apr.
mar.
feb.
jan.
2014
dec.
nov.
okt.
sep.
aug.
jul.
jun.
apr.
mar.
feb.
jan.
2013
dec.
nov.
okt.
aug.
jun.
maj
apr.
mar.
feb.
jan.
2012
dec.
sep.
aug.
jun.
maj
apr.
mar.
feb.
jan.
2011
dec.
nov.
okt.
sep.
aug.
jul.
jun.
maj
apr.
mar.
feb.
2010
nov.
okt.
sep.
aug.
jul.
maj
apr.
mar.
2009
nov.
okt.
aug.
jul.
jun.
mar.
2008
dec.
nov.
okt.
aug.
jul.
maj
feb.
2007
nov.
okt.
sep.
jul.
jun.
maj
Feed
Follow @google
Follow
Give us feedback in our
Product Forums
.
Follow
Ingen kommentarer :
Send en kommentar