Google Chrome is getting ready to roll out a security feature that will prevent “insecure” downloads via HTTP as HTTPS has spread more widely on the internet.
As more websites handle user data on a daily basis, HTTPS encryption has essentially replaced the earlier requirement that only privacy-sensitive websites, like banks, be secured with it. Google has been enhancing Chrome’s security features over the past few years in an effort to promote the adoption of HTTPS connections whenever possible.
The address bar of the browser now prominently displays “Not Secure” next to any older HTTP website. Additionally, Chrome by default prevents secure websites from giving insecure downloads or using insecure web forms. Mixed content refers to this fusion of secure and insecure components.
In Chrome’s security settings, the business more recently added a checkbox for “Always use secure connections.” By enabling this, you’re instructing Chrome to try to “upgrade” to HTTPS versions of websites if you inadvertently access an insecure one. If a secure version isn’t available, a warning message appears on the screen and asks you if you want to proceed.
According to a recent code update and description, Google intends to extend that toggle to shield Chrome users from all potentially unsafe HTTP downloads. Prohibiting downloads from all connections, including those connected to dangerous websites, goes beyond the already-existing precautions against mixed content downloads.
For instance, Google Chrome would stop the download as unsafe if you clicked an HTTPS download link and it redirected you to an insecure HTTP site before concluding with an HTTPS connection. Similarly to this, Chrome will prevent any downloads coming from a website that is only accessible by HTTP while you are browsing it.
However, you will be able to get around the block, just like you can with Chrome’s other methods of preventing insecure downloads and websites. In that sense, it serves less as an actual barrier to users accessing potentially dangerous areas of the internet and more as a loud warning to make sure you know what you’re doing.
This new setting to prevent unsafe HTTP downloads will first be hidden behind a Chrome flag. However, it will eventually be accessible via the “Always utilize secure connections” checkbox.
Since the feature is still under development, it probably won’t be available for wider testing until Chrome 111, which is scheduled to ship in March 2023, while a complete launch is more likely to occur later in the year.