Google Chrome preparing an option to block insecure HTTP downloads

As HTTPS has become more common across the web, Google Chrome is preparing to launch a security option that will block “insecure” downloads through HTTP.

While it used to be the case that only privacy-sensitive websites like banks needed to be secured with HTTPS encryption, these days it’s effectively become the default, especially as more websites handle our data on a daily basis. Over the last few years, Google has been adding new protections to Chrome to help encourage the use of HTTPS connections wherever possible.

Most notably, the browser now marks any older HTTP website as “Not Secure” in the address bar. Chrome also, by default, blocks secure websites from using insecure web forms or offering insecure downloads. This combination of secure and insecure elements is called “mixed content.”

More recently, the company created a toggle in Chrome’s security settings to “Always use secure connections.” Enabling this tells Chrome to attempt to “upgrade” to the HTTPS version of websites, if you ever accidentally navigate to the insecure version. If a secure version isn’t available, an on-screen warning is shown, asking if you would like to continue.

According to a new code change and associated explainer, Google is looking to expand that toggle to also protect Chrome users from any and all potentially insecure HTTP downloads. This goes beyond the existing mixed content download protections by blocking downloads from any connection even associated with an insecure website.

For example, if you click an HTTPS download link and it redirects you to an insecure HTTP server followed by a final HTTPS connection, Google Chrome would block the download as unsafe. Similarly, if you’re browsing a website that’s only available through HTTP, Chrome would block any downloads originating from that site.
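The rule described above can be modeled for auditing a site's own download links. This is an added example, not code from Chrome or from the original article: the function names, the reason labels, the `example.test` hosts and the choice to treat only `http:` as insecure are assumptions made for illustration.

```javascript
// Simplified model of the rule as the article describes it; not Chrome's source.
// A download is flagged when the page that started it, or any URL in its
// redirect chain (first request through final response), uses plain HTTP.

function isInsecureTransport(rawUrl) {
  // Assumption: only the http: scheme counts as insecure transport here.
  // The URL parser lowercases the scheme, so "HTTP://" is caught too.
  return new URL(rawUrl).protocol === "http:";
}

function evaluateDownload(initiatorUrl, redirectChain) {
  if (!Array.isArray(redirectChain) || redirectChain.length === 0) {
    throw new TypeError("redirectChain needs at least the requested URL");
  }
  // A download started from an HTTP-only page is flagged regardless of the chain.
  if (initiatorUrl && isInsecureTransport(initiatorUrl)) {
    return { blocked: true, reason: "insecure-initiator", hop: null };
  }
  // Otherwise a single HTTP hop anywhere in the chain is enough.
  const hop = redirectChain.findIndex(isInsecureTransport);
  if (hop === -1) return { blocked: false, reason: "secure", hop: null };
  const last = redirectChain.length - 1;
  return {
    blocked: true,
    reason: hop === last ? "insecure-final-url" : "insecure-redirect",
    hop,
  };
}

// Constructed sample data: initiator page plus the recorded redirect chain.
const SAMPLE_DOWNLOADS = [
  { name: "all-https", initiator: "https://site.example.test/",
    chain: ["https://site.example.test/get", "https://cdn.example.test/app.zip"] },
  { name: "http-hop-in-middle", initiator: "https://site.example.test/",
    chain: ["https://site.example.test/get", "http://mirror.example.test/r",
            "https://cdn.example.test/app.zip"] },
  { name: "http-only-site", initiator: "http://legacy.example.test/",
    chain: ["https://cdn.example.test/app.zip"] },
  { name: "direct-http", initiator: null,
    chain: ["http://legacy.example.test/app.zip"] },
];

function auditDownloads(downloads) {
  return downloads.map(d => ({ name: d.name, ...evaluateDownload(d.initiator, d.chain) }));
}

console.table(auditDownloads(SAMPLE_DOWNLOADS));
```

The `hop` index points at the first plain-HTTP URL in the chain, which is the redirect a site owner would need to move to HTTPS.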

That said, just like with Chrome’s other forms of blocking insecure websites and downloads, you’ll be able to bypass the block. In that way, it’s more of a loud warning to make sure you know what you’re doing, rather than truly blocking users from potentially unsafe parts of the internet.

In the beginning, this new option to block insecure HTTP downloads will be locked behind a Chrome flag. Later on, though, it’s intended to be available as part of the “Always use secure connections” toggle.

Block insecure downloads

Enables insecure download blocking. This shows a ‘blocked’ message if the user attempts to download a file over an insecure transport (e.g. HTTP) either directly or via an insecure redirect.

#block-insecure-downloads

As the feature is only just now getting developed, it’s not likely to arrive for broader testing until Chrome 111, set to release in March 2023, while a full launch would likely arrive later in the year.


Author: Kyle Bradshaw
Source: 9TO5Google
