The lock icon in the address bar has led to plenty of confusion in modern web browsers, as it can give the impression that a site is safe even when it isn't. Google has a plan to fix that problem: get rid of the icon entirely.

Google discussed the icon in a lengthy blog post earlier today, outlining how it has updated the look and functionality of the lock icon over the years. The lock icon simply means that your connection to a site is encrypted with HTTPS, ensuring the data is not being modified on its way to and from your computer. The difficulty and related expenses for HTTPS support in the early days of the web also gave the icon a sense of reliability or trustworthiness -- after all, most scammers weren't going to pay thousands of dollars for an SSL certificate.

Google's blog post explains, "We redesigned the lock icon in 2016 after our research showed that many users misunderstood what the icon conveyed. Despite our best efforts, our research in 2021 showed that only 11% of study participants correctly understood the precise meaning of the lock icon. This misunderstanding is not harmless --- nearly all phishing sites use HTTPS, and therefore also display the lock icon."

Google started to experiment with replacing the lock icon in the Chrome browser with a more neutral icon back in 2021, and now the company has settled on "a variant of the tune icon." It looks more like a typical settings button, and according to Google's research results, it doesn't convey trustworthiness in the same way as the current lock icon. Chrome will also continue to show a "Not secure" message for sites not using HTTPS.

Google plans to roll out the new icon in Chrome 117, which is currently scheduled for early September 2023. It's available now in Chrome Canary as part of the Chrome Refresh 2023 redesign, and Chrome on Android will receive the icon around the same time as the desktop rollout. The icon will go away entirely without a replacement on iPhone, since the icon isn't tappable.

Source: Chromium Blog