Microsoft-Trusted ICP-Brasil Certificate for google.com
Andrew Ayer (via Hacker News):
A Brazilian certificate authority trusted only by Microsoft has issued a presumably-unauthorized certificate for google.com.
This can used to intercept traffic to Google from Edge and other Windows applications (except Chrome and Firefox). Hug-ops to Google folks.
Microsoft are well aware of the extensive history of problems with this CA - I emailed them my concerns in 2021, and further issues were raised during a public CCADB discussion in 2022 - but they clearly don’t care.
Previously:
