Ask a Question

Alert ID : ALERT2161

Last Modified : 05/08/2018

Warning | Certificate Transparency error with Chrome 53



What is happening?

There is a bug in Chrome version 53 that affects some Symantec, GeoTrust, and Thawte SSL/TLS certificates resulting in an error displaying when visiting affected websites.  There are no issues with the certificates used on the affected sites, and replacing these certificates will not help.  This is entirely a bug with Certificate Transparency handling that is only present in some versions of Chrome (53 and 54).

UPDATED INFORMATION: Upon further investigation, Google has patched a majority of their applications and platforms, but there is still an outstanding issue with Android apps that leverage WebView version 53. A full list is listed below in this document.


Why Might a Customer Care?

Customers will care because sites protected with a valid Symantec, GeoTrust, and Thawte SSL/TLS certificates may be marked as untrusted by affected apps using Chrome v53 of WebView (an embedded version of Chrome used by some Android applications).


What are we doing about this?

We have created a blog post

In addition, we are in communication with Google as they work to resolve this issue.  


Customer Actions to Take

  1. Upgrade to Chrome application and platforms with version 55 or later.
  2. Use other browsers (Firefox, Safari, IE/Edge) as they do not have this bug.


Important Facts

  • This is a Google bug impacting some sub-versions of their Chrome 53 and 54 releases.
  • The issue remains primary for the WebView component impacting Android apps.
  • There are no issues with the certificates or the affected sites.
  • Replacing these certificates will not resolve this Chrome issue.



Q. How big of an issue is this?

A. While Chrome browsers are set up to automatically update when a new Chrome version is released, the impact for these customers might be low. However Android users or Android Apps that utilize WebView need to manually download and apply the latest version to prevent the error from showing.


Q. Why is this issue happening with Chrome for Symantec certificates?

A. Google introduced a bug starting in Chrome 53, where 10 weeks after the build date, websites using Symantec issued certificates would display a Certificate Transparency error to customers. There are multiple sub versions of Chrome 53 so this issue manifests itself at different times for different end users depending on which exact version they have.

The issue persisted through Chrome 54 and has been resolved in the newest version, Chrome 55. Distribution of Chrome 55 is starting the week of December 5 (Chrome distributions ramp up over several days across their customer bases).


Q. How long does a Chrome update take to populate? How long will this issue exist?

A. With auto-update for desktop, Chrome builds typically reach saturation within about a week. For a majority of impacted platforms and OS's the issue is resolved, and requires no customer action. For mobile devices, it depends on the end user’s setting for auto-updating apps or not. In some cases, customers may stay on an older build until they manually update


Q. When did this get patched?

A. Google patched in Chrome 55.


Q. What dates did this issue get resolved?

A. Chrome “stable” versions are the versions pushed out via their update mechanisms and are most commonly used. Dates for current releases can be found here, and are copied below.


User Action Required?

Chrome Mac

Chrome Windows


Chrome Linux


Chrome for Android
Chrome for iOS



No action required by end users.
May require Chromium distributors to rebuild.

Chromium based browsers
(Opera, Opera Mini, Brave, Comodo Dragon)

No (n/a)

Chrome Custom Tabs

This is the modern embedded browser for Android



This component is an embedded browser used in some Android apps. For example, an embedded browser might be used for an OAuth screen or an in-app web page display



App users will need to update/download WebView/Chrome 55 from the App Store/PlayStore for the fix.

Downloading WebView/Chrome 54 today will provide a temporary solution.


Build ID 54.0.2840.68 Expires 12/27/2016

Build ID 54.0.2840.85 Expires 1/7/2017

Android Open Source Platform (AOSP)

Developers need to apply the patch and users need to install an update