From version 83 and onwards, Google Chrome will be blocking HTTP file downloads from domains that show HTTPS.
According to Google, these types of downloads are risky.
However, it is important to bear in mind that not all HTTP downloads will be blocked in the new version – only some.
Furthermore, HTTP downloads initiated from HTTPS websites will not be blocked either.
Google believes that the “not secure” warning that Chrome users are seeing when visiting such websites is enough.
On the other hand, potentially insecure HTTP downloads initiated through websites that appear to be secure (the ones using the HTTPS protocol) could be a problem, which Google aims to address in the upcoming version of its flagship browser.
Upon initiating the download, a user may be led to believe that the process is secure due to spotting HTTPS in the URL bar, but in some cases, it is not.
Google Chrome 83 is scheduled for release in June.
However, it will only start blocking executables when users try to download them under the above-mentioned conditions.
The following types will only trigger a warning:
- Word and PDF documents
- Images, video, audio, text
Gradually, Chrome will be moving towards blocking these (as opposed to merely warning the user).
Each subsequent version will become stricter in this regard.
After executables, archives will be blocked in Chrome 84, followed by Word and PDF documents in version 85.
Finally, when Chrome 86 becomes the current version, all of the above will be blocked.
If you need HTTP downloads enabled in certain environments (such as intranet), then there’s good news – there’s a Google Chrome policy that allows it.
Mozilla Firefox was also contemplating implementing a similar cyber security measure last year.
None of this has come to fruition as yet, and the company hasn’t posted an update regarding the matter.