HTTP Downloads

Google Working To Block Insecure HTTP Downloads In Chrome

Since HTTPS has grown more widespread on the internet, Google Chrome is planning to roll out a security feature that will restrict “insecure” HTTP downloads.

Whilst it used to be the case in that only privacy-sensitive websites, such as banks, required HTTPS encryption, it has now proficiently become the standard, particularly as even more online sites manage our data regularly. Google has been planning to add new security features to Chrome in recent years to promote the use of HTTPS connections anywhere and everywhere possible.

HTTP Downloads
Image Source: sammobile.com

Most prominently, any previous HTTP website is now marked as “Not Secure” in the address bar. Chrome also prevents websites that are secured from using insecure web forms and sometimes provides non-secure installs by default. This mix of safe and unsafe elements is referred to as mixed content.

A while back, the company added an “Always use secure connections” option to Chrome’s security settings. Allowing this directs Chrome to “upgrade” to the HTTPS mode of websites if you happen to navigate toward the unprotected version by accident. If a protected version is not accessible, an on-screen warning appears, asking if you want to proceed.

Google, a renowned search engine technology-focused firm, is planning to broaden that option to protect Chrome visitors from all possibly insecure HTTP downloads, based on a new code refactoring and affiliated explainer. This goes over and above the existing mixed data download protective measures by preventing downloads from any connection, regardless of whether it is affiliated with an unprotected website.

For instance, if you tap on an HTTPS download link and it takes you to an unprotected HTTP server then before finally connecting to an HTTPS server, Google Chrome will flag the download as unsafe. Likewise, if you’re visiting a website that’s only accessible via HTTP, Chrome will block any installs from that site.

Even so, as with Chrome’s other methods of preventing unprotected websites and installs, you will be able to get around the block. In this sense, it serves more as a loud alert to make sure you understand exactly what you’re doing than it is to truly stop users from possibly dangerous areas of the internet.

This upgrade feature to inhibit unprotected HTTP downloads will be sealed behind a Chrome flag at first. However, it is intended that it will be available shortly as a portion of the “Always use secure connections” toggle.

Because the feature is still in development, it is unlikely to be available for widespread testing until Chrome 111, which is scheduled to be released in March 2023, with a full launch following later in the year.