Security News > 2020 > February > Google Chrome To Bar HTTP File Downloads
Google Chrome will soon restrict certain files, like PDFs or executables, from being downloaded via an HTTP connection, if they are loaded on HTTPS webpages.
With Chrome 68's 2018 release, Google started to label HTTP websites with an "Insecure" warning label in the navigation bar.
Starting in Chrome 82, set to be released in April, Google wants to uproot this issue by first warning users of, and later blocking, "Mixed content downloads," over HTTP, which could consist of HTTP executables, archives, multimedia files and all other "Non-safe" types.
Starting with Chrome 82, Google Chrome will first merely warn users if they are downloading executables using an HTTP connection - then, with Chrome 83 the browser will begin to block them.
Google also said that in the current version of Chrome Canary and in Chrome 81, developers can activate a warning on all mixed content downloads for testing by enabling the "Treat risky downloads over insecure connections as active mixed content" flag at.
News URL
https://threatpost.com/google-chrome-to-bar-http-file-downloads/152674/
Related news
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- Google Chrome disables uBlock Origin for some in Manifest v3 rollout (source)
- Google Cuts Off uBlock Origin on Chrome as Firefox Stands Firm on Ad Blockers (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)