Chrome 80 this week began efforts to make sure secure pages serve HTTPS audio and video. Google now wants to protect users from insecure files by gradually blocking mixed content downloads.

Non-HTTPS downloads started on secure pages are a “risk to users’ security and privacy,” with Google citing how “insecurely-downloaded programs can be swapped out for malware by attackers, and eavesdroppers can read users’ insecurely-downloaded bank statements.”

At the moment, the browser provides no indication of insecure downloads started on HTTPS pages. Chrome 82 in April will provide such a warning, starting with executables like APKs and EXEs. Appearing in the downloads bar, Google will note when a file “can’t be downloaded securely.”

This gradual rollout is designed to mitigate the worst risks quickly, provide developers an opportunity to update sites, and minimize how many warnings Chrome users have to see.

Chrome secure downloads

Google is starting with Windows, macOS, Linux, and Chrome OS before moving to Android and iOS — following a one release delay — with version 83. This is due to mobile platforms having “better native protections” against malicious files, like Play Protect.

Chrome’s secure downloads push to block mixed content downloads will be completed with Chrome 86 in October.

  • In Chrome 81 (released March 2020) and later: Chrome will print a console message warning about all mixed content downloads.
  • In Chrome 82 (released April 2020): Chrome will warn on mixed content downloads of executables (e.g. .exe).
  • In Chrome 83 (released June 2020): Chrome will block mixed content executables. Chrome will warn on mixed content archives (.zip) and disk images (.iso).
  • In Chrome 84 (released August 2020): Chrome will block mixed content executables, archives and disk images. Chrome will warn on all other mixed content downloads except image, audio, video and text formats.
  • In Chrome 85 (released September 2020): Chrome will warn on mixed content downloads of images, audio, video, and text. Chrome will block all other mixed content downloads.
  • In Chrome 86 (released October 2020) and beyond, Chrome will block all mixed content downloads.

FTC: We use income earning auto affiliate links. More.


Check out 9to5Google on YouTube for more news:

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author