Google will no longer trust digital certificates that were issued by certificate authorities WoSign and StartCom after October 21. The decision affects Chrome version 56, according to a Google Security blog post.
Google Chrome is “unable to trust all pre-existing certificates while ensuring our users are sufficiently protected from further misissuance,” Chrome security team member Andrew Whalley wrote in the blog post.
Chrome is the third browser platform to remove trust for the two certificate authorities. Last week, Mozilla announced trust would be removed for WoSign and StartCom in Firefox 51. An investigation launched by Mozilla uncovered several problems in WoSign’s SSL certificate issuance process.
The Chinese certificate authority was “backdating SSL certificates in order to get around” a deadline on certificate authorities to stop issuing SHA-1 SSL certificates, program manager Kathleen Wilson wrote on the Mozilla security blog.