Security News > 2020 > February > Google Chrome To Bar HTTP File Downloads
Google Chrome will soon restrict certain files, like PDFs or executables, from being downloaded via an HTTP connection, if they are loaded on HTTPS webpages.
With Chrome 68's 2018 release, Google started to label HTTP websites with an "Insecure" warning label in the navigation bar.
Starting in Chrome 82, set to be released in April, Google wants to uproot this issue by first warning users of, and later blocking, "Mixed content downloads," over HTTP, which could consist of HTTP executables, archives, multimedia files and all other "Non-safe" types.
Starting with Chrome 82, Google Chrome will first merely warn users if they are downloading executables using an HTTP connection - then, with Chrome 83 the browser will begin to block them.
Google also said that in the current version of Chrome Canary and in Chrome 81, developers can activate a warning on all mixed content downloads for testing by enabling the "Treat risky downloads over insecure connections as active mixed content" flag at.
News URL
https://threatpost.com/google-chrome-to-bar-http-file-downloads/152674/
Related news
- Google Chrome gets a mind of its own for some security fixes (source)
- Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense (source)
- New Google Chrome feature will translate complex pages in real time (source)
- New Octo Android malware version impersonates NordVPN, Google Chrome (source)
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)
- Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation (source)
- Google increases Chrome bug bounty rewards up to $250,000 (source)