Google announced on Friday that the Chrome Root Store will stop trusting digital certificates issued by Chunghwa Telecom and Netlock.
This change will be implemented in Chrome version 139 and will apply to all Transport Layer Security (TLS) server authentication certificates issued by these two Certificate Authorities (CAs) after July 31, 2025, at 11:59:59 PM UTC. Certificates issued before this deadline will remain valid.
According to Google, this decision follows a decline in confidence in Chunghwa Telecom and Netlock as CA Owners due to "patterns of concerning behavior observed over the past year."
These recurring issues have led to a loss of integrity and failure to meet the standards expected of publicly trusted certificate issuers, according to Google's statement.
Over recent years, both Chunghwa Telecom and Netlock have struggled to comply with required standards, failed to honor their commitments to improve, and did not make meaningful progress in addressing publicly reported incidents.
Google explained that removing trust in these CAs is necessary to maintain the security and integrity of the Chrome Root Store and to protect Chrome users.
After the update takes effect, users of Chrome 139 on platforms such as Windows, Linux, macOS, Android, and ChromeOS will receive a "potential security threat" warning when visiting websites that use certificates issued by either CA after July 31.
To prevent service disruptions, Google advises website operators to use the Chrome Certificate Viewer to verify their certificates and to replace any that may be affected before the deadline. Although it is possible to delay the impact by obtaining and installing a new TLS certificate from Chunghwa Telecom or Netlock before August 1, 2025, website owners will ultimately need to switch to a different CA that is trusted by the Chrome Root Store.
For Chrome users and organizations, Google notes that they can choose to manually trust any affected certificates in Chrome versions that rely on the Chrome Root Store. This requires installing the corresponding root CA certificate as a trusted root on the system’s operating system.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
