Chrome 77, which is due out in September, sites that use Extended Validation (EV) certificates will no longer have a space in the address bar to display the site owner’s name.
Something similar is happening in desktop Firefox 70, scheduled for an October release, will be the same.
Mozilla and Google are moving the EV information to behind the padlock icon, which users can click on to view certificate information. Mozilla says its change to EV indicators is about “reducing the exposure of EV information while keeping it easily accessible”.
Certificate vendors could charge more for EV certificates to owners of HTTPS websites, such banks and e-commerce sites, which would undergo an extended validation process.
Google explains that its new approach to EV certificate indicators in Chrome 77 is because the Chrome Security UX team “has determined that the EV UI does not protect users as intended”.
“Users do not appear to make secure choices (such as not entering password or credit card information) when the UI is altered or removed, as would be necessary for EV UI to provide meaningful protection,” Google says.
Additionally, EV indicators are an example of “positive indicators”, such as the padlock that still Chrome uses to indicate an HTTPS site.
Chrome will eventually remove the padlock icon for HTTPS sites and has already started instead to emphasize a red ‘Not secure’ warning for all HTTP sites. Firefox 77 will also follow Google Chrome’s lead on ‘not secure’ alerts for HTTP sites.