Google Chrome users could be seeing a dramatic change in their address bars soon after the company revealed it is set to remove one of the most important safety features.
The browser will soon be dropping the lock icon, shown in the address bar to signify whether a website is secure or not, as part of a broader redesign move.
In its place, a rather confusing and unclear version of Google’s “tune” icon will replace the lock, signalling to users that it can be clicked on and modified.
Google Chrome HTTPS
In a blog post (opens in new tab) announcing the change, set to come in with Chrome 117 in September 2023, Google says that the move has been planned for some time, and reflects the changing state of the internet as a whole.
It notes that HTTPS websites, generally regarded as being secure, are now widely used, which was not the case as recently as 2013, when only 14% of the Alexa Top 1M sites supported HTTPS only. Now that figure is over 95% (for Chrome page loads in Windows), Google says the time is right to “re-evaluate” how it flags secure systems to Chrome users.
It added that the lock icon isn’t going away completely, as it will still be present in the Chrome ‘tune’ submenu when website connections are secure.
”When HTTPS was rare, the lock icon drew attention to the additional protections provided by HTTPS,” the company said. “Today, this is no longer true, and HTTPS is the norm, not the exception, and we’ve been evolving Chrome accordingly.”
However, Google also warns that cybercriminals often use landing pages for phishing attacks that show the lock icon, fooling victims into thinking the websites are safe.
“Despite our best efforts, our research in 2021 showed that only 11% of study participants correctly understood the precise meaning of the lock icon. This misunderstanding is not harmless — nearly all phishing sites use HTTPS, and therefore also display the lock icon,” Google said.
“Misunderstandings are so pervasive that many organizations, including the FBI, publish explicit guidance that the lock icon is not an indicator of website safety.”