← Back to release summary

Stop Trusting SHA-1 Certificates

Category

Network / Connectivity

Type

New or changed feature

Status

Removed (Chrome 56)

Intent stage

None

Summary

Protect Chrome users from attackers who might use the broken SHA-1 hash algorithm to obtain counterfeit website authentication certificates.

Standards & signals

• Firefox: Positive
• Safari: In development
• Web developers: No signals
• Tracking bug: https://crbug.com/653691

Docs: https://security.googleblog.com/2014/09/gradually-sunsetting-sha-1.html https://security.googleblog.com/2015/12/an-update-on-sha-1-certificates-in.html https://sites.google.com/a/chromium.org/dev/Home/chromium-security/education/tls/sha-1

View on chromestatus.com