360 Browser Update CAB F2F48 @ Guangzhou

2019.11.06 Halton Huo [email protected] 360Browser – The most popular browser in China

360 Extreme Browser 360 Secure Browser 360 Enterprise Browser

MAU: 400M iResearch：Browser End User penetration rate in China DAU: 80M 2018Q3 2019Q3 90% 85% 81% 80%79% 80%

70%

60%

50%

40%

30% 23% 20% 20% 13%14% 14%13% 12%13% 12%13% 10% 8% 10% 5% 5%

0% 360 IE Chrome Sogou Firefox 2345 QQ UC Cheetah/Kingsoft PC browser remains internet entrance

Browser user daily active map Internet Traffic (Mobile vs PC)

Source：BroadbandSearch Source：360

• PC still eat 50% internet traffic , and browser is >50% for daily use • PC browser users are mainly on OFFICE work scenarios HTTP->HTTPS Status in China

HTTPS vs HTTP visits by County 120% HTTPS HTTP

100% • HTTPS percentage in China relative low 8% 10% 11% 15% 17% 19% 20% (65%) compared with US/EU and other 33% 80% golden bricks countries. • HTTPS in China gov websites is 47%[1], 60% while US gov websites are 100%[2]

92% 90% 89% 85% 40% 83% 81% 80% 67% [1] Based on 111,529 government websites by 360, July 2019 20% [2] Benefits from white house“HTTPS-Only”directive in June 2015

0% US Germany France Russia Brazil Japan India China

Source: https://transparencyreport.google.com/https/overview (expect China) and 360 (China) 360 Root Store updates

CA Roots Status iTrusChina • vTrus Root CA Added after Sept. 1 • vTrus ECC Root CA releases CFCA • CFCA EV ROOT To be released HARICA • Hellenic Academic and Research Institutions To be released RootCA 2015 • Hellenic Academic and Research Institutions ECC RootCA 2015 • Hellenic Academic and Research Institutions RootCA 2011 360 root store update to all products 2 SSL Errors

Cert Errors by PV (based on July 2019) 1200000 1129605

1000000

800000

600000

400000

218821

200000 72273 40868 34431 32486

0 Untrusted CA root risks

1% visit from Untrusted roots，Finance&Pay are under high risks

Untrused rootPV

Untrused 9000

1% 8000 Trusted Anti-AD normally installed by user 7000 99% 6000

5000 Unknown source，360 secure team 4000 investigating

3000

2000

Category Untrusted root PV Level 1000 Finance Alipay1%，TenPay 2%, CCB1% High 0 Shopping Taobao 1%，JD 2% High ADSafe Certum Trusted NetWork GlobalSignature Sample CA 2 CA 2 Certificates CA 2 Search Baidu 4%，Google 1% Medium Engine Social Media Weibo 3% Medium Extreme Browser 12 Preview release

Dual Engine: Trident + Chromium 78 4K video support

DoH Enabled Windows XP SP2+ w/ 360 server NPAPI support

360 added New Dark Theme features 360 MiniApp • Extend mini app from mobile to PC, more suitable to big screen • Native user experience w/o browser UI with enhanced API support (170+) • Centralized App publish/update/payment, full life cycle management • Full toolchain support and developer community/activities, and empowered by 360 products ecosystem support • Joint-effort on W3C CG and partners Plan

• Update all products to Chromium 78 based

• 360 CT log server setup

• CRLSets auto crawl support

• Untrusted roots investigation Thanks

Halton Huo [email protected]