Advertisement

Google Chrome Will Block All Insecure Downloads Soon

As you may already know, Google and its web browser had started a war against the plain HTTP. The recently released Chrome 80 forces HTTP resources to be loaded via HTTPS, otherwise it leaves them blocked until the explicit user interaction. The company reveals the next step they would take, this time against HTTP downloads.

Advertisеment

Chrome will gradually ensure that secure (HTTPS) pages only download secure files The browser will start blocking "mixed content downloads" (non-HTTPS downloads started on secure pages).

The official blog post reveals what's behind the change.

Insecurely-downloaded files are a risk to users' security and privacy. For instance, insecurely-downloaded programs can be swapped out for malware by attackers, and eavesdroppers can read users' insecurely-downloaded bank statements. To address these risks, we plan to eventually remove support for insecure downloads in Chrome.

Google plans to apply restrictions on mixed content downloads on desktop platforms (Windows, macOS, Chrome OS and Linux) first. The plan for desktop platforms looks as follows:

Chrome Block Insecure Downloads

So, Chrome 81 (released March 2020) will print a console message warning about all mixed content downloads; Chrome 82 will display a warning; Starting in Chrome 83 all downloadable content types will be gradually blocked.

After October 2020, Chrome will block all mixed content downloads.

Chrome Block Insecure Downloads In Action

Interested users can activate a warning on all mixed content downloads for testing by enabling the "Treat risky downloads over insecure connections as active mixed content" flag at chrome://flags/#treat-unsafe-downloads-as-active-content.

Google will delay the roll-out on Android and iOS versions of Chrome for one release. This means that warnings for insecure downloads will be first displayed in Chrome 83, and not in Chrome 82.

Enterprise and education customers can disable blocking on a per-site basis via the existing InsecureContentAllowedForUrls policy by adding a pattern matching the page requesting the download.

Support us

Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:

If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!

Author: Sergey Tkachenko

Sergey Tkachenko is a software developer who started Winaero back in 2011. On this blog, Sergey is writing about everything connected to Microsoft, Windows and popular software. Follow him on Telegram, Twitter, and YouTube.

Leave a Reply

Your email address will not be published.

css.php
Using Telegram? Subscribe to the blog channel!
Hello. Add your message here.