1

Update on Chrome 53 Bug Affecting Symantec SSL/TLS Certificates

Created on Dec 03 2016, 1:44 AM by Rick Andrews

As mentioned on November 10, 2016, we were made aware of a bug in Chrome version 53 that affects some Symantec, GeoTrust, and Thawte SSL/TLS certificates resulting in an untrusted error displaying when visiting affected websites.  There were no issues with the certificates used on the affected websites, but rather, the issue is entirely a Google bug with specific versions of Chrome, Chromium, Chrome Custom Tabs and WebView.

Since my initial post, we’ve gained more insight into the scope of impacted platforms and releases for this bug, and although the majority of them have been patched, there is an outstanding issue with Android apps that leverage the WebView version 53. To remedy this problem, end users of affected applications will need to update to the most recent version of WebView (currently, that's version 54) and the forthcoming Chrome version 55 (or later versions). Developers using Android Open Source Platform (AOSP) will need to review their own apps to ensure compatibility.

Other Chrome-based applications and platforms have been patched by Google including Chrome Mac, Chrome Windows, Chrome Linux, Chrome Android, Chrome iOS, Chromium, Chromium-based browsers, and Chrome Custom Tabs. All of these will operate normally on Chrome version 54 for the time being, and are fully patched in Chrome version 55 (or later versions). We expect no adverse issues on these platforms at this time, and no action should be required by users leveraging typical update mechanisms.

Update, February 15, 2017: Google reports that bug fixes have been made available across all platforms. However, in some locations those fixes are not automatically deployed to affected customers. Those customers must manually update their applications to take advantage of the bug fix.

  • Products
  • Google Chrome
  • TLS certificate
  • Symantec Website Security
  • SSL
  • DigiCert Code Signing
  • DigiCert SSL TLS Certificates
  • Products and Solutions

Comments

  • 0

    Hello, 

    We're still having some problem with the Chrome for Android, even with the Chrome 56 update. 

    Is anyone facing the same issue?

  • 0

    Yes, I am having this problem too.  Support said it has been fixed in new versions of Chrome for Android, but I am running the newest and I get the error still.  SSL site works on all desktop browsers and iPhones, Windows Phone, Pixel...everything. Except certain Android phones.  This is what I see.

    ssl_screenshot.png