Serving tech enthusiasts for over 25 years.
TechSpot means tech analysis and advice you can trust.
The big picture: Chrome is by far the most popular browser across various platforms and device types, with a market share of over 66 percent. Needless to say, every change Google makes to its proprietary browser inevitably influences all major players in the web ecosystem.
Google recently announced two major initiatives aimed at enhancing web security, with the ultimate goal of making encryption and certificate management more reliable and resilient against cybercrime. These new features are part of the Chrome Root Program, which, according to Google, demonstrates the company's commitment to strengthening online security through its Chrome browser.
As the world's most popular browser vendor, Google is highly motivated to improve web safety by encouraging industry organizations to adopt its proposed standards. The latest changes from the search and advertising giant involve the CA/Browser Forum, a cross-industry group that establishes baseline requirements for issuing TLS certificates.
TLS connections, which enable encrypted HTTPS protocols, are the backbone of modern web security. However, cybercriminals are constantly seeking ways to circumvent these protections. To counter this, Google has proposed two key measures: Multi-Perspective Issuance Corroboration (MPIC) and an automated vetting process known as "linting."
Google explained that MPIC enhances existing methods for validating domain legitimacy before a Certificate Authority issues a new TLS certificate. The current process, known as "domain control validation," can be exploited in various ways, potentially leading to fraudulent certificate issuance. MPIC aims to mitigate these risks by introducing additional verification perspectives.
The CA/Browser Forum unanimously adopted MPIC in a recent voting session, making it a mandatory requirement for Certificate Authorities during the certificate issuance process. Google also highlighted the Open MPIC Project as a robust implementation of this new validation method.
While MPIC helps prevent fraudulent certificates from being issued, linting provides an additional layer of security by analyzing X.509 certificates for potential issues. The X.509 standard defines the format for public key certificates and plays a crucial role in the TLS protocol. With linting, CAs can verify whether a certificate is properly formatted for its intended use, such as website authentication.
Linting also identifies insecure certificates that rely on weak or outdated encryption technologies, thereby enhancing security and ensuring better interoperability between CAs through adherence to industry standards. Google noted that the linting process can be implemented through various open-source projects, including certlint, pkilint, x509lint, and zlint. The company once again secured unanimous support for linting in a recent CA/Browser Forum vote, and the technology officially became a requirement for new public certificates issued by CAs on March 15, 2025.
English (US) ·