Chrome to provide TLS interception warnings

By on
Chrome to provide TLS interception warnings

Former intern develops warning interstitial for browser.

Google is trialling a warning system for its Chrome web browser that will alert users if their network connections encrypted with transport layer security (TLS) are being intercepted by attackers.

Developed by former Google internet Sasha Perigo, the warning system is currently being tested out in Chrome's "Canary" early developer preview channel.

It is expected to appear in build 63 of the web browser, which is due out in early December.

Man-in-the-middle attacks are performed with software that runs on users' computers or the networks they are connected to, tapping into traffic flows and rewriting the TLS connections.

Users with MITM software installed commonly see TLS error messages in their browsers, but from build 63, Chrome will display an interstitial that cannot be clicked away to warn that the connection is insecure.

To try out the feature on the current Chrome Canary build, users can start the browser with the command line flag --enable-features=MITMSoftwareInterstitial.

Security products such as antiviruses and firewalls also intercept and rewrite TLS connections to decrypt the traffic for analysis.

This approach was recently criticised by security researchers for poor implementation and difficult configuration.

In many cases, poor TLS implementations in the products introduced security holes for users without them noticing, the researchers said.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?