360 Browser Update CAB F2F48 @ Guangzhou
2019.11.06 Halton Huo [email protected] 360Browser – The most popular browser in China
360 Extreme Browser 360 Secure Browser 360 Enterprise Browser
MAU: 400M iResearch:Browser End User penetration rate in China DAU: 80M 2018Q3 2019Q3 90% 85% 81% 80%79% 80%
70%
60%
50%
40%
30% 23% 20% 20% 13%14% 14%13% 12%13% 12%13% 10% 8% 10% 5% 5%
0% 360 IE Chrome Sogou Firefox 2345 QQ UC Cheetah/Kingsoft PC browser remains internet entrance
Browser user daily active map Internet Traffic (Mobile vs PC)
Source:BroadbandSearch Source:360
• PC still eat 50% internet traffic , and browser is >50% for daily use • PC browser users are mainly on OFFICE work scenarios HTTP->HTTPS Status in China
HTTPS vs HTTP visits by County 120% HTTPS HTTP
100% • HTTPS percentage in China relative low 8% 10% 11% 15% 17% 19% 20% (65%) compared with US/EU and other 33% 80% golden bricks countries. • HTTPS in China gov websites is 47%[1], 60% while US gov websites are 100%[2]
92% 90% 89% 85% 40% 83% 81% 80% 67% [1] Based on 111,529 government websites by 360, July 2019 20% [2] Benefits from white house“HTTPS-Only”directive in June 2015
0% US Germany France Russia Brazil Japan India China
Source: https://transparencyreport.google.com/https/overview (expect China) and 360 (China) 360 Root Store updates
CA Roots Status iTrusChina • vTrus Root CA Added after Sept. 1 • vTrus ECC Root CA releases CFCA • CFCA EV ROOT To be released HARICA • Hellenic Academic and Research Institutions To be released RootCA 2015 • Hellenic Academic and Research Institutions ECC RootCA 2015 • Hellenic Academic and Research Institutions RootCA 2011 360 root store update to all products 2 SSL Errors
Cert Errors by PV (based on July 2019) 1200000 1129605
1000000
800000
600000
400000
218821
200000 72273 40868 34431 32486
0 Untrusted CA root risks
1% visit from Untrusted roots,Finance&Pay are under high risks
Untrused rootPV
Untrused 9000
1% 8000 Trusted Anti-AD normally installed by user 7000 99% 6000
5000 Unknown source,360 secure team 4000 investigating
3000
2000
Category Untrusted root PV Level 1000 Finance Alipay1%,TenPay 2%, CCB1% High 0 Shopping Taobao 1%,JD 2% High ADSafe Certum Trusted NetWork GlobalSignature Sample CA 2 CA 2 Certificates CA 2 Search Baidu 4%,Google 1% Medium Engine Social Media Weibo 3% Medium Extreme Browser 12 Preview release
Dual Engine: Trident + Chromium 78 4K video support
DoH Enabled Windows XP SP2+ w/ 360 server NPAPI support
360 added New Dark Theme features 360 MiniApp • Extend mini app from mobile to PC, more suitable to big screen • Native user experience w/o browser UI with enhanced API support (170+) • Centralized App publish/update/payment, full life cycle management • Full toolchain support and developer community/activities, and empowered by 360 products ecosystem support • Joint-effort on W3C CG and partners Plan
• Update all products to Chromium 78 based
• 360 CT log server setup
• CRLSets auto crawl support
• Untrusted roots investigation Thanks
Halton Huo [email protected]