December 23, 2024

Google Chrome is making it difficult to download sneaky HTTP files

0

 

Google, since past several years, has been taking proactive measures for making browsing experience on Chrome safer and more secure. The company, back in 2016, announced that it would start marking all HTTP websites as ‘not secure’ with the roll out of Chrome 56 starting January 2017. Then in 2018, the company announced that it would eventually mark all HTTP website as ‘not secure’. In addition to these changes, the company also started blocking secure websites from using insecure web forms or offering insecure downloads.

Last year, Google introduced a toggle in Chrome’s security settings to “Always use secure connections.” Enabling this toggle button lets Chrome switch to the HTTPS version of a website if a user lands on the HTTP version of a site. If the secure version or HTTPS version of a site is not available, Chrome will display an on-screen warning asking users if they would like to continue. Now Google is planning to extend these warnings to downloads from the websites that come from HTTP sources.

According to a report by 9To5 Google, a change in Chrome’s code and accompanying explainer indicates that Google is not only planning to roll out a security feature that will block all downloads from websites and sources that come from HTTP websites. The report also talks about various scenarios wherein this feature will come into action. For instance, if an HTTPS website redirects users to an insecure HTTP server for downloading files followed by a HTTPS connection in the end, Chrome will prevent the users from downloading the file by blocking it.

Citing another example, the report said that if users access a website that is available only via a HTTP server, Chrome will block all downloads originating from that website completely.

While Chrome will block all HTTP downloads, it will also include provisions to bypass these protections if needed. However, this bypass will be accompanied by its own loud warning of its own so that users know that they are accessing unsafe website that could be detrimental to their data privacy and security.

That said, initially, this feature will be locked behind a Chrome flag. Later, the company will make it available as part of the ‘Always use secure connections’ toggle.

As far as availability is concerned, this feature is in development state at the moment, and it is expected to arrive with the release of Chrome 111 in March 2023.

The post Google Chrome is making it difficult to download sneaky HTTP files appeared first on BGR India.

 

 

Google, since past several years, has been taking proactive measures for making browsing experience on Chrome safer and more secure. The company, back in 2016, announced that it would start marking all HTTP websites as ‘not secure’ with the roll out of Chrome 56 starting January 2017. Then in 2018, the company announced that it would eventually mark all HTTP website as ‘not secure’. In addition to these changes, the company also started blocking secure websites from using insecure web forms or offering insecure downloads.

Last year, Google introduced a toggle in Chrome’s security settings to “Always use secure connections.” Enabling this toggle button lets Chrome switch to the HTTPS version of a website if a user lands on the HTTP version of a site. If the secure version or HTTPS version of a site is not available, Chrome will display an on-screen warning asking users if they would like to continue. Now Google is planning to extend these warnings to downloads from the websites that come from HTTP sources.

According to a report by 9To5 Google, a change in Chrome’s code and accompanying explainer indicates that Google is not only planning to roll out a security feature that will block all downloads from websites and sources that come from HTTP websites. The report also talks about various scenarios wherein this feature will come into action. For instance, if an HTTPS website redirects users to an insecure HTTP server for downloading files followed by a HTTPS connection in the end, Chrome will prevent the users from downloading the file by blocking it.

Citing another example, the report said that if users access a website that is available only via a HTTP server, Chrome will block all downloads originating from that website completely.

While Chrome will block all HTTP downloads, it will also include provisions to bypass these protections if needed. However, this bypass will be accompanied by its own loud warning of its own so that users know that they are accessing unsafe website that could be detrimental to their data privacy and security.

That said, initially, this feature will be locked behind a Chrome flag. Later, the company will make it available as part of the ‘Always use secure connections’ toggle.

As far as availability is concerned, this feature is in development state at the moment, and it is expected to arrive with the release of Chrome 111 in March 2023.

The post Google Chrome is making it difficult to download sneaky HTTP files appeared first on BGR India.