Google Chrome has announced the latest feature that they will be adding to their chrome security arsenal. Chrome will now prevent the download of insecure files from the internet.
It will do this by making sure that secure HTTPS pages only download safe files. I will also prevent the download of ‘mixed content download’ which is non-HTTPS download on secure pages. This feature is a continuation of Google’s plan to block all insecure subresources on secure pages.
An insecure download can put all your private and personal information at risk. A hacker can simply swap the downloaded program with a malware that can leak your private data or eavesdrop and read your user data. Chrome plans on eventually removing the option to download insecure files altogether to make up for a more secure browsing experience.
Chrome’s first target is to handle insecure downloads from secure sights as chrome currently gives no indication of a vulnerable download taking place, putting the user’s privacy and security at risk.
Starting with Chrome 82(April 2020)Chrome will gradually start warning on, and later blocking, these mixed content downloads. File types that pose the most risk to users (e.g., executables) will be impacted first, with subsequent releases covering more file types.
This gradual rollout is designed to mitigate the worst risks quickly, provide developers with an opportunity to update sites and minimize how many warnings Chrome users have to see.
Chrome will also release this update on android devices, but it will be delayed. Mobile Platforms have better native protection against such threats. The delay will give time to the developers to make the necessary changes on their sites.
Developers can block the visibility of the warning message all together by ensuring that the downloads only use HTTPS.
Google aims at blocking insecure downloads all together in the future and they also encourage developers to migrate to HTTPS to avoid future restrictions.