With HTTPS becoming commonplace on the web, Google Chrome will soon launch a security measure that prevents “insecure” downloads via HTTP.
HTTPS Encryption
HTTPS encryption used to only be necessary for websites that handled sensitive data, like banks. Nowadays, HTTPS has practically become the norm, especially since more websites are now processing user data regularly.
To promote the use of HTTPS connections, Google has enhanced Chrome with various new protective measures in recent years.
Older HTTP Websites Marked Unsecure By Chrome
Chrome now marks older HTTP websites as “Not Secure” in the address bar. Additionally, Chrome blocks secure sites from providing insecure web forms or offering insecure downloads by default – this is known as “mixed content.”
Recently, Chrome added a toggle to its security settings so you can select “Always use secure connections”.
Activating this setting enables Chrome to automatically upgrade and switch to the secure HTTPS version of websites if a user ever mistakenly navigates to the unsecured version.
If an HTTPS version is not available, then a warning message will appear, prompting the user to decide whether they want to continue or not.
Google Chrome Is Planning to Provide an Option to Block Insecure HTTP Downloads.
Google’s Plan to Broaden the Toggle Cover
With a new code change and explanation, Google is planning to broaden the toggle to cover Chrome users from any potential downloads in HTTP that may not be secure.
This protection goes further than the existing mixed content download protections, blocking downloads from any connection that is even related to an unsecured website.
To give an example, if someone clicks on a secure HTTPS download link and it takes them to an insecure HTTP server before ending with another HTTPS connection, Google
Despite that, as with Chrome’s other security protocols for blocking unsafe websites and downloads, you’ll be able to go around the block.
In this manner, the warning blocks users from potentially hazardous aspects of the internet and serves to caution them to be aware of what they are doing.
Block Insecure Download
To begin with, the blocking of insecure HTTP downloads will be restricted behind a Chrome flag.
They plan to make this available in the future as part of the “Always use secure connections” option.
Block insecure downloads
Enables insecure download blocking. This shows a ‘blocked’ message if the user attempts to download a file over an insecure transport (e.g. HTTP) either directly or via an insecure redirect.
#block-insecure-downloads
This feature is still in development, so it won’t likely be ready for wider testing until Chrome 111 launches in March 2023, with a full release coming later that year.
