Google Chrome's Deadly Skull & Crossbones Security Warning

Sep 14, 2010 • 8:08 am | comments (3) by twitter Google+ | Filed Under Other Google Topics
 

With the latest version (version 6) of Google Chrome when you stumble upon an insecure web site, Google may show you a picture of a red skull and crossbones in the address bar. Here is a picture of what it may look like:

Google Chrome Red Cross Skull Security Warning

There is a thread at the Google Chrome Help forum with tons of complaints. One person said, "I wish they would change it back. The skull and crossbones looks way too serious."

The thing is, the security prompts comes up for security prompts such as the page being secure but also containing elements that are not secure. For example, if you have AdSense on an SSL page, it might show the red skull. Technically, the page itself is very secure and the contents of what is being passed on the page (minus some of the elements) are secure but Google is showing this very serious looking warning.

Brian from Google said:

We're experimenting with a new warning icon on the dev channel builds. The skull and crossbones icon means that some of the resources on the current page weren't loaded securely (using SSL). This is known to the nerds among us as a "mixed content warning." The old indicator for "mixed content" was less prominent, so even though the site you're seeing this on probably hasn't changed, the warning is now getting more attention.

Then after additional complaints, Tony from Google said they might swap it out:

However, we hear you that the skulls and crossbones are too alarming and we thank you for this feedback. We're currently looking into ways to address this concern and will keep everyone updated as soon as we have more information. In the meantime, I've also linked to a help article below that has some information on what the new icons mean in the interim.

Think this skull and crossbones is too severe? I think it depends on how insecure the page is.

Forum discussion at Google Chrome Help.

Previous story: Daily Search Forum Recap: September 13, 2010
 

Comments:

Lex Aleksandre

09/15/2010 10:35 am

I'm using version 7 and Chrome is showing up in this skull in ubuntuforum-br.org. http://picasaweb.google.com/lh/photo/EM3YARiVJAL3mRy_MMQeOQ?feat=directlink

kevin

09/19/2010 02:52 am

It showed up on dominos.com pizza tracker and the only personal information that contains is my pizza details, not even my address or name...I think that's a bit overboard.

Ian Macfarlane

10/05/2010 09:01 am

Mixed content is a more serious issue than many people realise - e.g. it exposes you to man-in-the-middle attacks that essentially strips away the benefits of your secure connection. Whilst a skull and crossbones might be a little bit over the top, it's a real security threat, it's just that many people don't understand it. More info & a demo about this issue here: http://ie.microsoft.com/testdrive/Browser/MixedContent/Default.html

blog comments powered by Disqus