[twblalock]

That's surprising, because Chrome has distrusted Symantec certs for a few months and it's odd that Paypal would not have fixed it by now.

[cpeterso]

Chrome and Firefox have only distrusted Symantec certs in their pre-release versions. The Chrome 70 and Firefox 63 releases in mid-October are when the hammer will fall.

https://security.googleblog.com/2018/03/distrust-of-symantec...

[user5994461]

The hammer fell in April already. Google published a roadmap, the link you gave, but didn't respect it.

[plttn]

Your anecdotal evidence doesn't prove they didn't respect it. I was just able to load PayPal with a Symantec cert on Chrome 69 on Android, which I realize is dueling anecdotes, but I'm just reinforcing the status quo, you're the one making a bold claim.

[awakeasleep]

The head of Symantec's board is the CEO of PayPal.

PayPal is a diehard Symantec company and will not abandon anything Symantec related until it is absolutely forced to.