In a bid to make internet browsing more secure, Google will soon block insecure downloads via its Chrome browser.
“Mixed content downloads”, which are initiated on HTTPS web pages but originate from less secure HTTP pages, are considered unsafe by Google.
Chrome 83, slated to release in June, will automatically block downloads of this kind. Google will not block HTTP downloads initiated from HTTP pages.
- Google Chrome will soon block the web’s most annoying video ads
- Google will get faster at releasing Chrome security patches
- Google suspends all paid Chrome browser extensions
In general, HTTP pages are less secure than those that use the HTTPS protocol. For this reason, some sites endeavour to trick users into downloading malicious content by routing them from an HTTPS page to an HTTP one.
Chrome does not currently issue a warning when a user is about to download content that might be unsafe.
However, with the release of Chrome 82 in April, Google will start warning users if a mixed content download is initiated. Initially, Chrome will only warn users of the most harmful file types (e.g. executable files), though the warning system will later extend to more files.
Google says this feature will be first introduced to the browser on desktop platforms including Windows, macOS, Chrome and Linux. While the rollout on mobile platforms, iOS and Android, will be delayed by one release.
This means mobile users will begin to receive warnings from Chrome 83 build and the automatic block will come into effect later on.
This update may not apply to enterprise consumers who use controlled environments like Intranet, where HTTP content may be less risky. Google has put an override policy in place to allow mixed content downloads in a controlled environment.
- Here’s our lost of the best antivirus software for 2020