As HTTPS has spread more widely on the internet, Google Chrome is getting ready to include a security feature that will prevent “insecure” downloads via HTTP. This new setting to prevent unsafe HTTP downloads will first be hidden behind a Chrome flag. However, it will eventually be accessible via the “Always utilize secure connections” checkbox.
Chrome Blocking Downloads from HTTP Websites
With the release of Chrome v111 in March of this year, we can anticipate this. It should be noted that this new setting differs differently from the one that the Chrome browser already uses to block all unsafe downloads. This will initially be accessible to beta testers through the Flags area and, later, to everyone.
Users can not download files from HTTP websites as of Chrome version 111. This feature is reported by 9to5google, it will initially be accessible to testers under the flags area before gradually being available to everyone over time. Although there are currently methods to get around this barrier, doing so is not advised.
- The DownloadRestrictions policy in Chrome allows administrators to stop users from downloading risky resources like malware or corrupted files.
- Users can be prevented from downloading any files or those that Google Safe Browsing flags as potentially harmful.
- Users who attempt to download risky files are presented with a security warning that they cannot ignore.
Google Improved Chrome’s security features
Google has been enhancing Chrome’s security features over the past few years in an effort to promote the adoption of HTTPS connections whenever possible.
As more websites handle user data on a daily basis, HTTPS encryption has essentially replaced the earlier requirement that only privacy-sensitive websites, like banks, be secured with it. By prohibiting downloads from all connections, including those connected to unsafe websites, the new system goes beyond the already-existing precautions against mixed content downloads. Mixed content refers to this fusion of secure and insecure components.
The address bar of the browser now prominently displays “Not Secure” next to any older HTTP website. Additionally, Chrome By Default prevents secure websites from giving insecure downloads or using insecure web forms.
In Chrome’s security settings, the business more recently added a checkbox for “Always use secure connections.” By enabling this, you’re instructing Chrome to try to “upgrade” to HTTPS versions of websites if you inadvertently access an insecure one. If a secure version isn’t available, a warning message appears on the screen and asks you if you want to proceed.
How Google Prevent Downloads From Unsecure Websites
For instance, Google Chrome would stop the download as unsafe if you clicked an HTTPS download link and it redirected you to an insecure HTTP site before concluding with an HTTPS connection. Similarly, Chrome will prevent any downloads coming from a website that is only accessible by HTTP while you are browsing it.
However, you can get around the block just like you can with Chrome’s other methods of preventing access to insecure websites and downloads. In that sense, it serves less as a true barrier to users accessing potentially dangerous areas of the internet.
In a nutshell, Google wants to make this choice more widely available so that it can shield Chrome users from all potentially unsafe HTTP downloads. But only time can tell how effective it will be in serving the purpose.