We've heard your feedback and we truly appreciate it.
We've replaced the skull and crossbones icon with a grey lock icon with a red X through it. We feel this better illustrates the risk of being on a page with active mixed content or an invalid certificate. While the severity of what someone with malicious intent could do to you on such a page is high, the likelihood of such an attack happening is lower than the skull and crossbones icon indicates.
For a full explanation of what I mean by "active mixed content" and "invalid certificate," please see the help article in reference 1 below.
If you would like an easy way to block mixed content, you can install the Google Chrome extension in reference 2 below.
Thanks again for your feedback. In all of the changes we make, we're working to give you the best information to make you as safe as possible when you're browsing the web.
Hi, I'm having this same problem. The red skull and crossbones seems to be indicating that the webpage is NOT using HTTPS, indicating that the link to the page is not secure nor encrypted. This just started today for me.
We're experimenting with a new warning icon on the dev channel builds. The skull and crossbones icon means that some of the resources on the current page weren't loaded securely (using SSL). This is known to the nerds among us as a "mixed content warning." The old indicator for "mixed content" was less prominent, so even though the site you're seeing this on probably hasn't changed, the warning is now getting more attention.
so are you going to fix this soon, or do I just uninstall you and download mozilla or something else? I can not bear the thought of going back to IE. My homepage is Yahoo and I can not use it, and you, at the same time now. Somebody has to go.
I think there are actually 2 versions to it.. for google mail the icon is - lock with a x sign over it and for google adsense it is the skull and bones icon.. both denote the same "mixed content warning" or are they different?
I cannot load Google calendar, ironically enough, and am getting this warning on that failed tab. Everything else loads fine, including Gmail. It appears to be more than a warning. There appears to be a bug with this.
i've had this warning flash up and it made me feel a bit uneasy as well. Weirdly it happens when I'm using Google Docs, which seems to be working fine. Surely Google needs to change it to something that's a bit less intimidating if there's no need to worry about it?
If you have any sort of theme in use for gmail that has graphics, i assume those get transferred over http and as such gives a mixed content warning. If my friend asks me why they have a skull and crossbones, i would be worried that they might be subject to a man in the middle attack, not that their theme graphics are coming over via http.
The answer doesn't help at all! What resources are not secure? How do I locate & get rid of them? Are all my emails in danger of being seen / rerouted / attacked? What a stupid warning to just throw out there and not provide detail & real help. WE ARE NOT ALL COMPUTER FREAKS!!!!
It would help if there was an explanation of the icon on the "Security Information" popup - currently, the user clicks on the scary icon and finds nothing helpful there. Major astonishment.
Ok, I'm a computer geek and I'm gonna side with the everyone else here: what's the point of having a big scary notice like that, then tell us to just ignore it (quote: "It doesn't prevent you from using the page...")? Since the mixed content is a potential security risk, and we don't have an obvious way to tell what's insecure, I'm thinking it's better to stop using Gmail and I'll tell everyone else I know to stop using it if this continues. Sure, the problem may have always been there, but since you're making a point to make it obvious like this, the site needs to be secured or it can't be trusted. That's one of the biggest problems with computer security these days: warn the user there's a problem, but then train them to ignore them. How much sense does that make?
the issue with the skull and crossbones, does this mean that the site is not secure....is there something we as users have to do to make sure our info is not being hacked?
Ok, the answer of Brian appears to make sense, thank you for that. My only problem is:
The symbol appears in my GMail inbox page... and the only element that is not 100% Google material in this page is the silly random ad-bar on top of the Inbox list (That I never use by the way)
Is THIS element the one that is not safe? If it is that way, why should I keep it there?... How come I'm not able to disable it from my account view?
Now: If the unsafe element is not this ad-bar, that means that some of the elements of my GMail page are unsafe. Now that would be a real problem because I don't feel comfortable using a system that is telling me "Hey, whatever you write with us is unsafe" I'm not naive, I understand that any page can (and is) being hacked from time to time, but it certainly doesn't help to feel good to have the remainder while I send my personal stuff around the web.
I like GMail, I would love to keep it... but I would REALLY appreciate a more extensive answer before making a decision.
The Red Skull & Crossbones are very creepy and distracting... over the top, I'd say, for whatever it is you're trying to accomplish. It shows up when I go to my Google Site... like soom big red eye stopping Pirate Flag... and I don't like it. There is no explanation included as to what to do to alleviate whatever problem that's causing the ridiculous Halloween Icon to appear. It gave my girlfriend a startle and she was immediately worried about Viruses and such... It doesn't seem like a very brilliant improvement to the browser and for me... puts a very negative RED Shadow over my overall Google Chrome Browser usage.
Are you going to do something google?????? This is stupid that you are training us to ignore the most terrifying security symbol ever!!! Do something!!!!
FFS! I just got this when I went to initiate a remote login to my uni's science journal databases. So now I've spent very precious time coming here to find out what's going on! Was also on the verge of emailing a "Please Explain" to Uni Library Services. Ended up going through Firefox to the database. Not impressed!
Please don't do what Apple did, they changed the algorithm for signal detection then claimed the problem was fixed. We need to know what is secure and what isn't.
Beta user, just saw this today. Allow me to join the chorus suggesting that the red skull and crossbones with crossed-out https implies a much more sinister problem than it actually signifies.
It's sort of like putting a poison label on a box of cookies because the plastic tray inside isn't edible.
So like, the people in here complaining about the icon, is there a reason you're not just running the stable build of Chrome? They're testing a new icon and while I'm sure Google appreciates your feedback, some of the comments are kind of shrill.
Got a problem, maybe someone can enlighten me on to why I am receiving this...
1- I go to my store page and am pushed to https, everything is fine with the ssl, green icon 2- I click my home page link which is relative so it pops me onto the https home page but not everything is relative (tracking cookies and so on) so I receive skull&bones, got it 3- I then click back over to my store page and the skull&bones stays, why would it do this? I have checked all resources for the store page and they are all linked relatively and are pulling in as https 4- If I remove the https and refresh http on the store page and then add the https and refresh it goes back to green lock symbol
Is there something persistent that is not refreshing when I click over to the store? Any help would be appreciated
@lou_dog: that's correct behavior. Once you reach a “polluted” page, an attacker could be relaying false information from the bad page to the new. The safe thing to do is to start with a new tab.
@KelsonV, although unusual, the skull and crossbones is proportionate to the security risk. A criminal in a police uniform is a more serious problem than a criminal in plain clothes. The skull and crossbones alerts you to the fact that the “uniform” before you cannot be trusted.
@Dave N, the symbol for sites that install malware is a happy face, because by then, it’s too late, and the malware will be lying to you.
When you see the skull and crossbones, close the tab. The web page is not secure and any claim to the contrary is false.
People, the fact that you are seeing this problem so much isn't Chrome’s fault, it's because that's really how poorly secured the websites are out there.
If you're seeing it in Gmail, then your connection to Gmail isn't secure and you shouldn't trust it.
@jeffreythebarak, sorry, but you’re mistaken. It reveals that the connection to the site is not secure. That you think it is is the great misconception that the skull and crossbones intends to correct.
@Cloud_no.9, it strengthens Google's reputation by showing that they’re willing to take their own punches. The problem with Gmail was quickly corrected.
@danorton But a turn-key e-commerce shopping cart product has the secure e-commerce in a frame, so all secure pages are mixed content. Millions of online stores are like this. So people will be shopping securely, at no risk, but still get the Jolly Roger.
I noticed in Gmail that when you are looking at an email the insecure symbol appears, which makes sense since the email content is not secure. When I go back to the inbox it still shows insecure, I hit refresh, but still insecure. Went to the html Gmail and read the same email, went back to the inbox it shows insecure hit refresh and the secure icon is back. Not sure why i behaves differently between the two. I would think if you go back to the inbox screen is should still be secure like the html page says.
Feed
Skull & crossbones appear on https:// pages. What's going on?
Feed