Any fixes for Chrome's new security check?

It looks like Chrome now imposes a mandatory security check on all web sites before downloading any HTML code or allowing access. When it thinks the site isn’t secure (which could be wrong), either you get a warning message which you have to bypass or you get no bypass option at all and you are totally blocked from that site.

Is this happening to anyone else, or just me? I just checked another Win 7 computer I use, and Chrome doesn’t work this way there, so maybe there’s something in my main unit that I am overlooking.

I can disable the check with the execution flag “-ignore-certificate-errors”, but that doesn’t seem like a good idea for long. Firefox works OK.

Any other fix suggestions? I really like Chrome’s features, but if I can’t view my mail, fancy features are useless.

I’ve had it happen to me. But if Chrome is telling me they don’t want to go there, then I’ll trust that judgement call. Not something I feel compelled to find a work around on.
Perhaps I put too much faith in Chrome? :slight_smile:

I’m aware of what** Grrr!** and PastTense are saying. I think the new Chrome security detection is different from the old one embedded in the settings. The settings one (“dangerous site alerts”) seems to be a good idea and I haven’t changed that, which I think relies on a badsite list maintained by Google.

This is something new; I’ve been reading about it for a week in the geek news, warning that it was about to be imposed. It is a certificate comparison check, whatever that is.

The fact that it works differently on two of my machines, both running Win 7 (but different sub-versions: Starter & Pro) makes me suspicious that there is some conflict between the OpSys & Chrome.

Can you supply a link to a site that triggers this behavior for you?

Apparently this is something which has just been added to the latest version of Chrome. OP check the two different Chrome browsers you are using and check Help/About to see which version of Chrome you are using. If it is Chrome 58 with the problem then you could revert to Chrome 57. Here is a Reddit discussion:
https://www.reddit.com/r/sysadmin/comments/677hep/chrome_58_not_supporting_self_signed_certificates/

Sure. Try https://www.godaddy.com/ or anything which Chrome thinks is “not secure,” or about 1/4 of the reputable sites I visit.

Oddly, that godaddy link is using https, so Chrome is using a certificate match for their apparently bogus determination.

I didn’t know you could revert with Chrome, but I’ll check that out. The problem machine is using “58.0.3029.81 (Official Build) (64-bit)” while the good machine is “58.0.3029.81… (32-bit)”, so the difference is only in the 64/32 bit designation.

However, the bad machine has been running this vs. for about 60 days and only in the last few days did the problem crop up.

ETA: Reddit is one of the sites Chrome blocks, so I have to bypass the “feature” to even see the discussion.

ETA: Also blocked is Chrome Platform Status

Chrome doesn’t like the Washington Post much, either. Now there’s a rogue site, fersure.

Both the Washington Post and Reddit work for me in Chrome. Are you sure that there isn’t something malicious on your machine or in your network that Chrome is protecting you from?

Both of them WORK for me in Chrome, for certain definitions of “work.” But Chrome shows those sites as “not secure,” even though they are using https. If they are considered “not secure,” then I have to turn off the certificate check in order to view them.

Yeah, looks like a bug. Some self-signed SSL certificates were invalidated by the latest version of Chrome. There’s a possible workaround if you manually configure Chrome to trust the SSL cert (protip: as of Chrome 56 you need to do this through developer tools aka ctrl-shift-I) but otherwise you’ll have to wait til the bug is fixed or the website admins redo their SSL certs properly. Or just click through the warnings.

That’s possible for some sites, but some of the warnings do not offer a click-thru. Some others, when bypassed, show subsequent web pages as text only, minus graphics.

So far, my workaround has been to turn off the certificate check by invoking Chrome as per an earlier post. Or use Firefox.

I’m using the same version of Chrome, 58.0.3029.81 (64-bit), and do not have any issues with https://www.godaddy.com.

I took a look at the reddit link posted by PastTense, and I’m not sure it’s related to what you are experiencing. Though I really only looked at it for about 10 seconds.

If I understand what you’ve said so far correctly, you should only get this problem when accessing sites via https, is that not the case? Or have you gotten this error when accessing with http? (If so, link please?)

If it is a certificate problem, can you inspect the exact error (e.g., what Chrome thinks is wrong with the certificate) by doing this:

[QUOTE=https://www.howtogeek.com/292076/how-do-you-view-ssl-certificate-details-in-google-chrome/]

You can find this information by going to the Three Dots Menu -> More Tools -> Developer Tools, then click on the Security Tab. This will give you a Security Overview with a View Certificate Button.
[/QUOTE]

That’s FAKE NEWS doncha know? Chrome is your friend!

If this was a problem that affected everyone, I don’t think it would have made it through beta. Either something about your configuration or some bug in the system must be causing the problem.

I wonder if you could try making a new Chrome Profile (using the user button near the top right) and see if the problem is also in that account.

Also, I wonder if you have some sort of proxy or something causing problems. Or something else with your ISP.

And, yes, finally, I wonder if you have malware that is trying to load, and failing because of the new certificate check.

No malware. I know it if I see it. If malware was the problem, why would it be URL-dependent?

Not sure, but I think https is the only problem. Since my workaround (invoking Chrome with the nocheck param) is working pretty good so far, I think I will continue with it for now. Since not-checking certs is the way Chrome used to work, nothing has really changed. I’ve just disabled an obnoxious “feature.”

I don’t think that’s true. I haven’t looked into it specifically but just looking at the option “-ignore-certificate-errors” it would seem to mean that ANY problem with SSL certificates will be ignored by chrome. I believe the problem you face now is that chrome got a little tighter about what it allows you to do when it encounters a cert problem. But this option, if I’m not mistaken, is telling it to not care at all about any problems it sees with certs. Which is not really a safe way to go about internetting.

Be that as it may, if Chrome gets so tight I can’t access my own email account or other clearly reputable sites, I might as well not use it. So this is a compromise for now, and a risk I have to take.

But you ought to investigate why YOUR chrome is having an issue with the certs on common sites where no one else is having problems. You’re treating the symptom, not the root cause. If you don’t feel it’s worth your time then that’s of course entirely up to you.