Unauthorized Google Certificate Discovered

Fallon Innovation Inc.  / Security News /  Unauthorized Google Certificate Discovered

Unauthorized Google Certificate Discovered


Google has reported that Chrome detected a fraudulent digital security certificate for the *.google.com domain. This could have potentially allowed whoever possessed the certificate to impersonate Google. The problem originated with a mistake by a Turkish Certificate Authority. From the Google blog post by software engineer Adam Langley:

TURKTRUST told us that based on our information, they discovered that, in August 2011, they had mistakenly issued two intermediate CA certificates to organizations that should have instead received regular SSL certificates.

The post from Google is a bit on the technical side, but The Register has a more straightforward explanation of the situation. To protect yourself against any potential misuse of these certificates, Microsoft recommends ensuring you have all the latest updates installed; Chrome and some other browsers update automatically.