In an attempt to improve the security of its users, the Chrome browser will soon start blocking insecure downloads on HTTPS pages, Google announced.
The plan, which the Internet giant laid out this week, is expected to be completed sometime in the fall, when Chrome 86 arrives.
The announcement comes just days after the release of Chrome 80, which by default blocks mixed audio and video resources if they cannot be automatically upgraded to HTTPS. The same will happen with image files in Chrome 81, which is expected to be released to the stable channel in March 2020.
In the long term, Google’s plan is to block all insecure subresources on secure pages, as they represent a risk for users. Files that are downloaded insecurely could be replaced by attackers with malware, or exposed to eavesdroppers.
“To address these risks, we plan to eventually remove support for insecure downloads in Chrome,” the Internet giant says.
In the initial phase, the focus is on insecure downloads started on secure pages, and the first step is to display warnings. The restrictions for mixed content downloads, Google says, will be pushed to all desktop platforms first.
Executable files will be impacted first, with Chrome 82 displaying a warning on them and Chrome 83 blocking them.
Next in line will be archives and disk image files (a warning in Chrome 83 and blocked starting with Chrome 84), followed by other non-safe file types such as PDF and Word documents (a warning in Chrome 84 and blocking in Chrome 85).
Chrome 85 will warn of mixed content downloads of images, audio, video, and text, and will b ..
Support the originator by clicking the read the rest link below.
