Certain websites not displaying correctly in chromium (ERR_INSECURE_RESPONSE for all images and css)

I installed ubuntu 16.04 several weeks ago. Recently (in the past few days), several websites have started displaying incorrectly, i.e. without images or CSS stylings.

For example, here is nytimes.com:

nytimes

Output from chromium-browser --version:

Using PPAPI flash.
Chromium 53.0.2785.143 Built on Ubuntu , running on Ubuntu 16.04

What should I do to fix this? I tried clearing cookies and disabling all extensions, but the problem persisted.

I have the same problem on certain other websites (e.g. wellsfargo.com), but not all (e.g. askubuntu.com displays correctly). On wellsfargo.com, I see the same sort of Failed to load resource: net::ERR_INSECURE_RESPONSE messages in the developer tools console.

This problem does not appear when I use firefox -- it only affects chromium.

Edit: I uninstalled chromium, rebooted my machine and reinstalled chromium, and the problem persists...

Edit: on both nytimes.com and wellsfargo.com I see Failed to load resource: net::ERR_INSECURE_RESPONSE not only for images but also for the page's css, which explains the lack of stylings. On wellsfargo.com, for example, GET https://www01.wellsfargomedia.com/css/home/homepage.css fails with net::ERR_INSECURE_RESPONSE.

Edit: amazon.com displays the same problem (no images or css). Amazon.fr does not load -- instead, I get a warning page from chrome:

Your connection is not private

Attackers might be trying to steal your information from www.amazon.fr (for example, passwords, messages, or credit cards). NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED

www.amazon.fr normally uses encryption to protect your information. When Chromium tried to connect to www.amazon.fr this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be www.amazon.fr, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chromium stopped the connection before any data was exchanged.

You cannot visit www.amazon.fr right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.


It's a known bug:

  • https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1641380
  • https://bugs.chromium.org/p/chromium/issues/detail?id=664177

The bug has been squashed upstream, and they say that "the updated package should be released soon".

Edit to update status "This bug was fixed in the package chromium-browser - 53.0.2785.143-0ubuntu0.14.04.1.1145" (source: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1641380)