That Chrome error message is dangerously misleading.
The error message shown in the article - “Attackers might be trying to steal your information” is not just wrong, it’s dangerously misleading and I think Google should be ashamed.
A more honest error message would be “This site is being vouched for by someone who’s no longer trustworthy”, or some riff on that theme.
Equating “we no longer trust this cert” with “this cert is a forgery and this site is up to no good” is going to backfire. Users will phone the RAC/Natwest etc, be told “yeah, don’t worry, it’s just Chrome, there’s nothing unsafe about our site” and...next time they see a (genuine) phishing alert, will pooh-pooh it.
Yes, I understand that users don’t read error messages/warnings, and that those messages must be kept simple. But that can be harmful.
Am I the only one who has this concern?