Skip to main content

Chrome to gradually block insecure downloads on HTTPS page

Avatar for Abner Li  | Feb 6 2020 - 10:28 am PT
0 Comments
Acer Chromebook 514

Chrome 80 this week began efforts to make sure secure pages serve HTTPS audio and video. Google now wants to protect users from insecure files by gradually blocking mixed content downloads.

Non-HTTPS downloads started on secure pages are a “risk to users’ security and privacy,” with Google citing how “insecurely-downloaded programs can be swapped out for malware by attackers, and eavesdroppers can read users’ insecurely-downloaded bank statements.”

At the moment, the browser provides no indication of insecure downloads started on HTTPS pages. Chrome 82 in April will provide such a warning, starting with executables like APKs and EXEs. Appearing in the downloads bar, Google will note when a file “can’t be downloaded securely.”

This gradual rollout is designed to mitigate the worst risks quickly, provide developers an opportunity to update sites, and minimize how many warnings Chrome users have to see.

Google is starting with Windows, macOS, Linux, and Chrome OS before moving to Android and iOS — following a one release delay — with version 83. This is due to mobile platforms having “better native protections” against malicious files, like Play Protect.

Chrome’s secure downloads push to block mixed content downloads will be completed with Chrome 86 in October.

  • In Chrome 81 (released March 2020) and later: Chrome will print a console message warning about all mixed content downloads.
  • In Chrome 82 (released April 2020): Chrome will warn on mixed content downloads of executables (e.g. .exe).
  • In Chrome 83 (released June 2020): Chrome will block mixed content executables.
    Chrome will warn on mixed content archives (.zip) and disk images (.iso).
  • In Chrome 84 (released August 2020): Chrome will block mixed content executables, archives and disk images. Chrome will warn on all other mixed content downloads except image, audio, video and text formats.
  • In Chrome 85 (released September 2020): Chrome will warn on mixed content downloads of images, audio, video, and text. Chrome will block all other mixed content downloads.
  • In Chrome 86 (released October 2020) and beyond, Chrome will block all mixed content downloads.

Add 9to5Google to your Google News feed. 

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Check out 9to5Google on YouTube for more news:

Comments

Guides

Google Chrome

Google Chrome

Available for Windows, Mac, and Linux, Google C…
Chrome 86

Chrome 86
Chrome 82

Author

Avatar for Abner Li Abner Li

Editor-in-chief. Interested in the minutiae of Google and Alphabet. Tips/talk: abner@9to5g.com