The browser that most of us use on a daily basis – Google Chrome is taking strides in becoming more secure. Chrome’s security team is introducing a feature that will “gradually ensure that secure (HTTPS) pages only download secure files.”
Insecure downloads can be the source of malware and other cyber attacks so its no surprise that Google Chrome team would want to root those out of their application to protect users.
… insecurely-downloaded programs can be swapped out for malware by attackers, and eavesdroppers can read users’ insecurely-downloaded bank statements.
Chrome Blogpost
Between March and October this year, Chrome will block insecure downloads in the following order:
- In Chrome 81 (released March 2020) and later:
- Chrome will print a console message warning about all mixed content downloads.
- In Chrome 82 (released April 2020):
- Chrome will warn on mixed content downloads of executables (e.g. .exe).
- In Chrome 83 (released June 2020):
- Chrome will block mixed content executables
- Chrome will warn on mixed content archives (.zip) and disk images (.iso).
- In Chrome 84 (released August 2020):
- Chrome will block mixed content executables, archives and disk images
- Chrome will warn on all other mixed content downloads except image, audio, video and text formats.
- In Chrome 85 (released September 2020):
- Chrome will warn on mixed content downloads of images, audio, video, and text
- Chrome will block all other mixed content downloads
- In Chrome 86 (released October 2020) and beyond, Chrome will block all mixed content downloads.
For the mobile counterpart, Chrome will delay the roll-out of these versions by one version each meaning the blocking available on Chrome 83 on desktop will come to mobile in Chrome 84. This is because “mobile platforms have better native protection against malicious files, and this delay will give developers a head-start towards updating their sites before impacting mobile users.”
Share
Home
What’s your take?