MobileNews

Google Chrome preparing an option to block insecure HTTP downloads

As HTTPS has become more common across the web, Google Chrome is preparing to launch a security option that will block “insecure” downloads through HTTP.

While it used to be the case that only privacy-sensitive websites like banks needed to be secured with HTTPS encryption, these days it’s effectively become the default, especially as more websites handle our data on a daily basis. Over the last few years, Google has been adding new protections to Chrome to help encourage the use of HTTPS connections wherever possible.

Most notably, the browser now marks any older HTTP website as “Not Secure” in the address bar. Chrome also, by default, blocks secure websites from using insecure web forms or offering insecure downloads. This combination of secure and insecure elements is called “mixed content.”

More recently, the company created a toggle in Chrome’s security settings to “Always use secure connections.” Enabling this tells Chrome to attempt to “upgrade” to the HTTPS version of websites, if you ever accidentally navigate to the insecure version. If a secure version isn’t available, an on-screen warning is shown, asking if you would like to continue.

According to a new code change and associated explainer, Google is looking to expand that toggle to also protect Chrome users from any and all potentially insecure HTTP downloads. This goes beyond the existing mixed content download protections by blocking downloads from any connection even associated with an insecure website.

For example, if you click an HTTPS download link and it redirects you to an insecure HTTP server followed by a final HTTPS connection, Google Chrome would block the download as unsafe. Similarly, if you’re browsing a website that’s only available through HTTP, Chrome would block any downloads originating from that site.

That said, just like with Chrome’s other forms of blocking insecure websites and downloads, you’ll be able to bypass the block. In that way, it’s more of a loud warning to make sure you know what you’re doing, rather than truly blocking users from potentially unsafe parts of the internet.

In the beginning, this new option to block insecure HTTP downloads will be locked behind a Chrome flag. Later on, though, it’s intended to be available as part of the “Always use secure connections” toggle.

Block insecure downloads

Enables insecure download blocking. This shows a ‘blocked’ message if the user attempts to download a file over an insecure transport (e.g. HTTP) either directly or via an insecure redirect.

#block-insecure-downloads

As the feature is only just now getting developed, it’s not likely to arrive for broader testing until Chrome 111, set to release in March 2023, while a full launch would likely arrive later in the year.

More on Chrome:



Author: Kyle Bradshaw
Source: 9TO5Google

Related posts
AI & RoboticsNews

Nvidia and DataStax just made generative AI smarter and leaner — here’s how

AI & RoboticsNews

OpenAI opens up its most powerful model, o1, to third-party developers

AI & RoboticsNews

UAE’s Falcon 3 challenges open-source leaders amid surging demand for small AI models

DefenseNews

Army, Navy conduct key hypersonic missile test

Sign up for our Newsletter and
stay informed!