Big photo: Chrome is the most popular browser in various platforms and devices so far, with a market share of more than 66 percent. Needless to say, Google essentially affects all major players in the web ecosystem.
Google recently announced two major initiatives aimed at increasing web security, with the ultimate goal of making encryption and certificate management more reliable and flexible against cyber crime. These new features are part of the Chrome root program, according to Google, displays the company’s commitment to strengthen online security through its Chrome browser.
As the world’s most popular browser vendor, Google is highly motivated to improve web security by encouraging industry organizations to adopt its proposed standards. The latest changes of search and advertising giants include the CA/browser forum, a cross-industry group that establishes baseline requirements for issuing TLS certificates.
TLS connections, which enable encrypted HTTPS protocols, are the backbone of modern web security. However, cyber criminals are constantly looking for ways to ignore these security. To compete this, Google has proposed two major measures: Multi-Perfect issuing Corporation (MPIC) and an automatic vet process known as “linting”.
Google reported that MPIC increases existing methods to validate the domain validity before issuing a new TLS certificate. The current process, known as “domain control verification”, can be exploited in various ways, which is probably leading to issuing fraud certificate. The purpose of MPIC is to reduce these risks by introducing additional verification approaches.
The CA/Browser Forum unanimously adopted the MPIC at the recent polling tussle, making the certificate an essential requirement for the authorities during the process of issuing the certificate. Google also highlighted the open MPIC project as a strong implementation of this new verification method.
While MPIC helps prevent the release of the fraud certificate, LINTING provides an additional layer of protection by analyzing X.509 certificates for possible issues. The x.509 standard defines the format for public key certificates and plays an important role in the TLS protocol. With linting, CAS can verify whether a certificate is properly formatted for its intended use, such as the website authentication.
Linting also identifies unsafe certificates that rely on weak or old encryption technologies, which increases security and ensure a better difference between the CAS through the observance of industry standards. Google stated that the lineing process can be implemented through various open-sources projects, including Cartlint, Pkilint, X509LINT and Zlint. The company once again unanimously supported the Linting in the CA/Browser Forum vote, and the technology became a requirement officially for the new public certificates issued by CAS on 15 March 2025.
