Chrome removes the company name from the address bar for EV Certificates

Google has on a security-dev forum recently confirmed that they will be removing the EV Certificate (Extended Validation SSL) indicator from the address bar in their Chrome web browser – starting with version 77. This means that the certification owner’s company name no longer will be shown next to the padlock in the address bar, as it has previously been for EV Certificates.

While the importance of SSL Certificates remains, the change will rather affect how the security information is displayed for website visitors.

According to fresh statistics from W3Counters, Chrome controls over half (55.4%) of the web browser market, which means that the change will have significant impact.

There are supposedly several reasons for these updates. Among others, the efficiency of EV has been questioned over the last few years, and there is doubt that the users will notice the lack of security indicators. The fact that SSL Certificates is a hygiene factor, as well as an important security add-on, is however not being questioned.

Even if the information is removed from the address bar, Google means that the information will be easily available for the users if they click on the padlock symbol.

Google also provides a picture of how it will look instead.

 

Before changes:

Picture from security-dev-forum

After changes:

Picture from security-dev-forum

 

Safari has earlier taken the step to exclude the company name from the certificate field but has continued to support EV Certificates with green address information. This can be compared to certificates with lower validation, e.g. domain validation certificates, where the address bar is black but the security still is displayed with a padlock and https.

Mozilla also confirms that they intend to implement the same changes in Firefox, starting with version 70.

Browser statistics, July 2019, according to W3Counters:

Chrome 55.4%

Safari 12,5%

Internet Explorer & Edge 8,6%

Firefox 6,5%

Opera 2,8%

At Dotkeeper we will continue to follow and report on the development.

Source: security-dev-forum