Taipei: Google's Chrome browser will stop automatically trusting new digital certificates issued by Chunghwa Telecom after July 31, 2025, due to "compliance failures." Chunghwa Telecom clarified that this decision is unrelated to any cybersecurity issues.
According to Focus Taiwan, the announcement was made in a May 30 blog post by the Chrome Security Team on the Google Security Blog. Google's decision impacts Chrome users globally, as the browser holds around 65 percent of the global browser market. The team stated that the default trust in TLS (Transport Layer Security) certificates from Chunghwa Telecom would be removed for certificates issued after the given date.
A TLS certificate encrypts data transmitted between a user's browser, the website visited, and the website's server, as explained by TLS solution provider DigiCert. Chunghwa Telecom, a major telecom entity in Taiwan, is one of the certificate authorities (CAs) whose TLS certificates were previously trusted by Chrome, meaning they were automatically accepted by the browser.
Starting August 1, when Chrome version 139 is released, users who visit websites with newer Chunghwa Telecom certificates will see a full-page security warning, indicating that their connection is not private and that attackers might be trying to steal their information.
Google's security team attributed this action to a pattern of compliance failures and unmet commitments from Chunghwa Telecom. They noted a lack of measurable progress in response to incident reports over the past months and years, which led to diminished trust in Chunghwa Telecom and Netlock, a CA based in Hungary.
Chunghwa Telecom responded by emphasizing that the removal from the trusted list was not due to vulnerabilities or key leaks but due to procedural adjustments not meeting Chrome's new requirements. The company assured that it has since made the necessary adjustments and now complies with updated policies, though Chrome has maintained its decision to remove default trust.
Certificates issued before July 31 will remain valid and trusted in Chrome. Chunghwa Telecom aims to regain default trust status by March 2026, ensuring compliance with Taiwan's Electronic Signature Act and international standards.
Wang Chen-ming, head of the Ministry of Digital Affairs' Department of Digital Service, reiterated that the issue was not related to cybersecurity, attributing it to inadequate management procedures. The government has implemented a dual-certificate mechanism to ensure secure operations on government websites across all major browsers.
The Ministry of Digital Affairs stated that users accessing government websites via Chrome will continue to have secure connections and need not worry about browser warnings.