Chrome Drops Trust for Chunghwa, Netlock Certificates: What Does This Mean for Users and Website Operators?

In a significant move to protect its users, Google Chrome has decided to withdraw its trust from digital certificates issued by Chunghwa Telecom and Netlock. This decision, announced in June 2025, will take effect in August, and it has far-reaching implications for both internet users and website operators relying on certificates from these certificate authorities (CAs). As part of its continuous effort to maintain a secure and trustworthy browsing environment, Google is taking this step due to a loss of integrity observed in the practices of these two companies.

Google Chrome Withdraws Trust from Chunghwa and Netlock Digital Certificates

Starting from Chrome version 139, scheduled for release on August 5, 2025, users will no longer have their digital certificates from Chunghwa Telecom and Netlock trusted by default in the browser. This is part of Google’s ongoing effort to safeguard the Chrome browsing experience by ensuring that only trustworthy Certificate Authorities (CAs) are included in Chrome’s Root Store, which is a list of trusted CAs used to validate secure HTTPS connections.

Chunghwa Telecom, Taiwan’s largest telecommunications operator, and Netlock, a digital certification provider based in Hungary, have both seen their certificates removed due to a “loss of integrity.” Google’s security blog post indicates that both companies had demonstrated “patterns of concerning behavior” over the past year. These behaviors fell short of Google’s expectations for the trust and reliability CAs must provide to Chrome users.

This decision does not imply that websites using certificates from Chunghwa or Netlock will be completely inaccessible, but users will first see an interstitial warning page that informs them the connection is not secure. To continue browsing, users will need to manually bypass the warning. However, this will disrupt the browsing experience and could lead to significant trust issues for websites that still rely on these certificates.

What Undercode Says:

The move to revoke trust in Chunghwa and Netlock certificates marks an important shift in how browser developers are scrutinizing the integrity of Certificate Authorities. While the decision might not affect the immediate usability of websites, it does highlight a growing trend of browser developers taking a more proactive stance on certificate security. The revocation of trust for these CAs aligns with broader trends in the cybersecurity industry, where digital certificate abuse has become a major concern.

Google’s policy change follows similar actions taken by other organizations, including the removal of Entrust certificates in 2024. Such measures are intended to ensure that only those CAs that comply with stringent standards for security, accountability, and timely certificate revocation are included in Chrome’s trusted list. This is crucial in preventing cyberattacks that exploit certificate vulnerabilities, such as man-in-the-middle attacks, where attackers forge certificates to intercept and manipulate encrypted traffic.

For website operators, this change signals the need for vigilance and proactive certificate management. Operators relying on certificates from Chunghwa or Netlock will need to transition to another trusted CA before their current certificates expire. Failing to do so could result in visitors encountering security warnings, potentially damaging their trust in the website and harming overall user experience.

The broader context of this issue is the growing importance of cybersecurity in the digital age. With data breaches, identity theft, and other malicious activities on the rise, ensuring that only secure connections are allowed in the browser environment is essential. Google’s decision is a reminder to all organizations involved in internet security that they must meet high standards and continuously improve their practices to maintain trust in the digital ecosystem.

Fact Checker Results 🔍

Certificate Authorities Must Adhere to Rigorous Standards: Both Chunghwa Telecom and Netlock violated basic CA/Browser Forum requirements by failing to revoke mis-issued certificates within the required time frame.
Impact on Users is Limited but Noticeable: The trust withdrawal doesn’t block websites, but users will encounter warnings, potentially diminishing trust in sites using the affected certificates.
Proactive Security Measures: Google’s action aligns with broader efforts across the tech industry to remove insecure certificates and prevent cyberattacks.

Prediction 📈

The trend of tightening security standards for Certificate Authorities will likely continue. Other major browsers, such as Mozilla Firefox, are expected to follow suit with similar measures against CAs that fail to meet the required standards. As cybersecurity threats become more sophisticated, we can expect further actions that will force webmasters and CAs to ensure their compliance with industry best practices, including timely certificate revocation and transparent auditing. This will ultimately lead to a safer internet, but also more responsibilities for website operators and digital certificate issuers.