Google Chrome to default to HTTPS in Version 90

In an effort to improve security, Google Chrome will default to Hypertext Transport Protocol Secure (HTTPS) for all URLs typed in the address bar when Version 90 of the browser launches.

This is scheduled for 13th April.

In a recent post on Google’s official blog, the company explained its vision for its flagship browser going forward.

Google is aiming for Chrome to always use secure connections by default.

The intention is to protect the end user by encrypting traffic, therefore ensuring that no unauthorised third party can intercept or otherwise modify sensitive data entered on websites.

Google claims that this will even improve loading speeds.

However, what happens if a user lands on one of the websites that does not support HTTPS?

In this case, Chrome will revert to HTTP when the HTTPS attempt fails.

Initially, the new feature will roll out for Chrome Desktop and Chrome for Android in Version 90, with an iOS release following shortly afterwards.

According to Josh Angell, application security consultant at nVisium, a company is supposed to enforce HTTPS by default given that it implements the best practices for its web resources traffic.

He added that Google does indeed have a strong position to set an example for others to follow, which should further encourage stronger controls when it comes to web traffic encryption.

Zach Jones from WhiteHatSecurity said that the use of Transport Layer Security has become widely accepted by browser makers and that it is indeed the foundational security layer in HTTPS.

This allows them to offer improved support and protection to their users.

According to Jones, insufficient transport layer protection is one of the most prevalent risks to applications.

Transport layer protection often does not get the attention that it deserves, but Google’s recent move will hopefully reverse the trend.