Bug on Chrome, revealed recently, led to errors when accessing HTTPS-sites from personal computers, as well as Android devices. Discovered bug causes problems with validation for some of Symantec SSL-certificates. The same problems also affected certificates issued by certification authorities GeoTrust and Thawte. Symantec owns these CAs.
A bug was identified in Chrome 53. Also, the bug spread to the WebView component of Android, which is responsible for the output of web content in Android applications.
Users need to use the latest versions of WebView and Chrome (version 55) to resolve this issue on Android. Developers using the platform Android Open Source Platform (AOSP), need to work to ensure application compatibility.
Starting with Android 5.0 (Lollipop), WebView component is delivered in the form of applications, updated through the Google Play store.
Version 55 Android System WebView was published on December 1, but Chrome for Android is still available in version 54. Google developers have made changes to Chrome, as well as related products, so Symantec certificates will no longer lead to the error of confidence, since version 54 (in part) and completely in 55. It is best to upgrade to version 55.
The problem was caused by Google’s decision to force Symantec to publish all certificates issued after June 1, to the public log certificates transparency. This decision was made as a result of the internal investigation into the issue of EV certificates by Symantec last year without being checked the domain owners. Then Symantec noted that the certificates have been issued for the purpose of testing and are internal.
Certifying Centers depend on browsers, but large companies can bring venues to account, if they would violate the rules for issuance of certificates. After the incident with Symantec, Google has applied the mechanism in Chrome 53 that is associated with the trust for the certificate issued after 1 June when they added to the transparency log.
However, there is a 10-week limit on confidence to the data in the transparency logs, and in the end it led to the fact that the errors began to appear even in the correct certificate.