Google plans to strictly block insecure downloads in the Chrome browser in the coming months!

Back in December 2019, Google launched Chrome 79 (a recent update) with new security features, including password checkup and notifications when your password has been stolen.

This update followed the plan announced by Google in October 2019 on its official blog, which stated:

“Chrome will gradually start ensuring that https:// pages can only load secure https:// subresources. In a series of steps outlined below, we’ll start blocking mixed content (insecure http:// subresources on https:// pages) by default. This change will improve user privacy and security on the web, and present a clearer browser security UX to users.”

With the start of 2020, Google has announced further plans to move Chrome users to a fully secure platform, one where users cannot download insecure files that ultimately put their privacy and security at risk.

However, Google isn’t forcing its users to migrate immediately; the change will be rolled out in stages.

“Chrome will delay the rollout for Android and iOS users by one release, starting warnings in Chrome 83. Mobile platforms have better native protection against malicious files, and this delay will give developers a head-start towards updating their sites before impacting mobile users,” says Joe DeBlasio of the Chrome security team.

What’s the plan of the Chrome team?

“Insecurely-downloaded files are a risk to users’ security and privacy. For instance, insecurely-downloaded programs can be swapped out for malware by attackers, and eavesdroppers can read users’ insecurely-downloaded bank statements. To address these risks, we plan to remove support for insecure downloads in Chrome eventually.”

Here’s the plan:

[Image: Chrome insecure mixed content blocking table]

  • Starting with Chrome 81, due for release in March, Chrome will begin warning users who download mixed content from a secure website. Google confirms that this is the major concern, as “Chrome currently does not indicate to the user that their privacy and security are at risk.”
  • Then in Chrome 82, due for release in April, Chrome will first warn users about executable files and gradually start blocking these mixed content downloads.
  • In Chrome 83, due for release in July, it will move on to archive files, first warning about and then blocking the mixed content download.
  • In Chrome 84, to be released in August, it will block all mixed content executables, archives, and disk images. It will additionally block all other remaining content except image, audio, video, and text formats.
  • Later, in Chrome 85, due for release in September, it will do the same for all the remaining mixed content and start blocking it.
  • Finally, in Chrome 86, due for release in October, Chrome will block all mixed content downloads.

An example of the potential warning once the final update (Chrome 86) has launched:

[Image: Chrome insecure download warning]

Joe DeBlasio also added – “In the future, we expect to further restrict insecure downloads in Chrome. We encourage developers to migrate to HTTPS to avoid future restrictions fully and fully protect their users. Developers with questions are welcome to email us at security-dev@chromium.org.” 
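
For site owners preparing for this change, the sketch below (an added example, not code from Google or the original article) scans the HTML of an HTTPS page for links that would start a mixed content download and sorts them into the categories the rollout uses. The extension lists, the function and class names, and the sample hosts are assumptions made for illustration.

```python
from html.parser import HTMLParser
from posixpath import splitext
from urllib.parse import urljoin, urlsplit

# Assumed extension lists: the article names these categories, not extensions.
CATEGORY_BY_EXT = {
    **dict.fromkeys((".exe", ".msi", ".apk", ".bat"), "executable"),
    **dict.fromkeys((".zip", ".7z", ".rar", ".gz"), "archive"),
    **dict.fromkeys((".iso", ".dmg", ".img"), "disk image"),
    **dict.fromkeys((".png", ".jpg", ".mp3", ".mp4", ".txt"), "image/audio/video/text"),
}

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []  # (href, has_download_attribute) for every <a> tag

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "a" and attr.get("href"):
            self.links.append((attr["href"], "download" in attr))

def find_mixed_downloads(page_url, html):
    """Return [(absolute_url, category)] for http:// downloads linked from an https:// page."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on a secure page
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, forced in collector.links:
        parts = urlsplit(urljoin(page_url, href))  # resolves relative and //host links
        if parts.scheme != "http":
            continue
        category = CATEGORY_BY_EXT.get(splitext(parts.path)[1].lower())
        if category is None and forced:
            category = "other"  # the download attribute forces a file save
        if category:
            findings.append((parts.geturl(), category))
    return findings

# Constructed sample page; hosts and file names are placeholders.
SAMPLE_HTML = """
<a href="http://downloads.example.com/setup.exe">Installer</a>
<a href="/files/backup.zip">Relative link</a>
<a href="//cdn.example.com/image.iso">Protocol-relative link</a>
<a href="http://cdn.example.com/tools.tar.gz">Archive</a>
<a href="http://cdn.example.com/statement" download>Statement</a>
<a href="http://example.com/about">Plain navigation</a>
"""
```

Calling `find_mixed_downloads("https://www.example.com/downloads/", SAMPLE_HTML)` reports only the three links that leave HTTPS; relative and protocol-relative links inherit the page's scheme and are not flagged.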
