In the HTTPS/SSL section of chrome://chrome/settings, I see the following: What does this mean, and is there something wrong?

I have a basic understanding of SSL/TLS - I'm not claiming to be completely familiar, but I'm fairly confident I know my way around it - but I don't understand why I have certificates installed on my machine specifically for these sites.

From my understanding, I should have the certificates for Certificate Authorities, and any site I visit and use SSL/TLS should have a certificate signed by one of these trusted CAs for me to trust the site.

My worry is that if someone has maliciously installed a certificate for these sites on my machine, they could perform a DNS spoofing attack (or a number of other attacks) to hijack my connection to my email account without me knowing, and as they've got the private counterpart to the certificate on my machine, decrypt the communication.

NB: I'm also aware that CA certificates aren't just within Chromium and are used system wide as part of libssl - they're stored in /etc/ssl/certs.

What I'd like to know is:

• Is this correct? - The big red boxes make me think no
• Is this malicious or benign?
• What can I do to resolve this problem? (If indeed it is a problem)

Thanks :)