Chrome fails to check SSL certificate revocation on Android
This is another ridiculous fact about our beloved browser, Chrome. First, we now know that it doesn’t check for SSL certificate revocation by default; users need to turn on this setting manually, as described here. On top of that, Chrome on Android fails to check for certificate revocation completely, and connects users to a possibly malicious resource instead of the original and trusted resource.
Thankfully, there are a few revocation-aware browsers on Android, including Mozilla’s Firefox, which successfully detects SSL certificate revocation. Firefox shows a warning message and terminates the connection when users try to open any secured website with a revoked certificate.
Another notable ‘revocation aware’ mobile browser is Microsoft’s IE Mobile on Windows Phone. It also doesn’t connect to the possibly malicious links and warns users (see the following screenshot).
Users can check their browsers for SSL certificate revocation awareness by visiting a special test page: https://revoked.grc.com.