On this Monday Google officially announces that it plans to distrust Symantec security certificates from the release of Chrome 66 in 2018. The specific timeline plan was posted on the official Google Security blog, and it shows that Symantec-issued security certificate issued prior to1 June 2016 will no longer be accepted as valid and trustworthy, with the Chrome 66 which is expected to release on April 17, 2018.
According to the timeline, the Chrome 62 expected to launch on 24 October will add alerting in DevTools when evaluating certificates that will be affected by the Chrome 66 distrust. Symantec will switch the certificates issuance to DigiCert infrastructure by 1 December this year, and subsequently any certificates issued based on the old infrastructure will not be trusted and cease working in future Chrome by that day.
The latest version of the Chrome web browser is 61.0.3163. Version 66 is scheduled for release to Chrome Beta users on 15 March 2018 and to standard Chrome users around 17 April 2018. Anyhow, if you are a site operator that requires a certificate from Symantec’s existing root, you’d better get one after 1 December 2017, and even so, it still needs to be replaced before the Chrome 70 finally comes out.
Chrome 70, which is expected to release on 23 October, 2018 will not trust the old certificates issued by Symantec. The affected brands includes Thawte, VeriSign, Equifax, GeoTrust and RapidSSL. Other secondary Certificate Authorities (CAs), such as Google and Apple, are exempted from being distrusted in Chrome browser.
Original source: Chrome’s Plan to Distrust Symantec Certificates