Chrome 77 and Firefox 70 will no longer mark Extended Validation certificates

Google has decided to stop separately labeling EV (Extended Validation) certificates in Chrome. Previously, for sites with such certificates, the address bar displayed the name of the company verified by the certification authority; now these sites will get the same secure connection indicator as sites with domain-validated certificates.

Starting with Chrome 77, information about the use of an EV certificate will be displayed only in the drop-down menu shown when clicking the secure connection icon. In 2018, Apple made a similar decision for the Safari browser and implemented it with the releases of iOS 12 and macOS 10.14. Recall that EV certificates confirm the declared identification parameters and require the certification authority to verify documents confirming domain ownership and the physical presence of the resource owner.

Research conducted at Google showed that the indicator previously used for EV certificates did not provide the expected protection: users did not pay attention to the difference and did not use it when deciding whether to enter sensitive data on sites. The study showed that 85% of users were not stopped from entering credentials by the presence of the URL "accounts.google.com.amp.tinyurl.com" in the address bar instead of "accounts.google.com", as long as the page displayed a typical Google site interface.
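The host name from the study can be caught mechanically by comparing the registrable domain with the brand name embedded in the leading labels. The following sketch is an added example, not code from Google or the browsers; the tiny suffix set, the `PROTECTED` list and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny stand-in for the Public Suffix List
# (assumption); production code should load the full list.
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk"}

# Hypothetical list of registrable domains a defender wants to protect.
PROTECTED = {"google.com"}


def registrable_domain(host):
    """Return the public suffix plus one label (eTLD+1), or None."""
    labels = host.lower().rstrip(".").split(".")
    # Scanning from the left makes the longest matching suffix win.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None


def embedded_brand(url):
    """Return the protected domain that appears inside the host name
    while the host is registered under a different domain, else None."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    real = registrable_domain(host)
    if real is None or real in PROTECTED:
        return None  # unknown suffix, or genuinely the protected site
    labels = host.lower().split(".")
    for brand in sorted(PROTECTED):
        wanted = brand.split(".")
        # Look for the brand as a run of whole labels, so that
        # "notgoogle.com.example.org" does not match "google.com".
        for i in range(len(labels) - len(wanted) + 1):
            if labels[i:i + len(wanted)] == wanted:
                return brand
    return None


if __name__ == "__main__":
    for u in ("https://accounts.google.com.amp.tinyurl.com/signin",
              "https://accounts.google.com/signin"):
        print(u, "->", registrable_domain(urlsplit(u).hostname),
              "| embedded brand:", embedded_brand(u))
```

A check of this kind fits the negative-indicator approach: it stays silent for the genuine site and raises a warning only when the brand appears under someone else's domain.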

To inspire confidence in a site among most users, it turned out to be enough to make the page look like the original. As a result, it was concluded that positive security indicators are not effective and that it is better to focus on showing explicit warnings about problems. For example, a similar scheme has recently been applied to HTTP connections, which are explicitly marked as insecure.

At the same time, the information displayed for EV certificates takes up too much space in the address bar, can cause additional confusion when the company name appears in the browser interface, violates the principle of product neutrality, and is used for phishing. For example, the Symantec CA issued an EV certificate to "Identity Verified", whose name was misleading, especially when the real domain name did not fit in the address bar.


Addendum: Firefox developers have made a similar decision and will stop highlighting EV certificates in the address bar starting with the release of Firefox 70. Firefox 70 will also change how the HTTPS and HTTP protocols are displayed in the address bar.

Source: opennet.ru
