Google Chrome is Preparing a Feature That Will Prevent Unsafe HTTP Download

Google Chrome is getting ready to roll out a security feature to prevent “insecure” downloads via HTTP as HTTPS has spread more widely on the internet.

As more websites handle user data daily, HTTPS encryption has essentially replaced the earlier requirement that only privacy-sensitive websites, like banks, be secured. Google has been enhancing Chrome’s security features over the past few years to promote the adoption of HTTPS connections whenever possible.

The browser’s address bar now prominently displays “Not Secure” next to any older HTTP website. Additionally, Chrome prevents secure websites from giving insecure downloads or using insecure web forms by default. Mixed content refers to this fusion of secure and insecure components.

In Chrome’s security settings, the business added a checkbox for “Always use secure connections.” By enabling this, you’re instructing Chrome to try to “upgrade” to HTTPS versions of websites if you inadvertently access an insecure one. If a secure version isn’t available, a warning message will appear on the screen and ask you if you want to proceed.

According to a recent code update and description, Google intends to extend that toggle to shield Chrome users from all potentially unsafe HTTP downloads. Prohibiting downloads from all connections, including those connected to dangerous websites, goes beyond the already-existing precautions against mixed content downloads.

For instance, Google Chrome would stop the download as unsafe if you clicked an HTTPS download link, redirecting you to an insecure HTTP site before concluding with an HTTPS connection. Similarly, Chrome will prevent any downloads coming from a website that is only accessible by HTTP while you are browsing it.

However, you will be able to get around the block, just like you can with Chrome’s other methods of preventing insecure downloads and websites. In that sense, it serves less as a barrier to users accessing potentially dangerous areas of the internet and more as a loud warning to ensure you know what you’re doing.

This new setting will first be hidden behind a Chrome flag to prevent unsafe HTTP downloads. However, it will eventually be accessible via the “Always utilize secure connections” checkbox.

Since the feature is still under development, it will probably not be available for wider testing until Chrome 111, which is scheduled to ship in March 2023. A complete launch is more likely to occur later in the year.