Security News > 2020 > February > Google Chrome to start blocking downloads served via HTTP
Google has announced a timetable for phasing out insecure file downloads in the Chrome browser, starting with desktop version 81 due out next month.
Known in jargon as 'mixed content downloads', these are files such as software executables, documents and media files offered from secure HTTPS websites over insecure HTTP connections.
Google will introduce this change gradually rather than all at once, at first offering warnings about executable downloads via HTTP in versions 81 and 82 of the desktop browser.
Doc and PDFs, images, videos and music files until, by Chrome version 86 in October, all downloads via HTTP will be blocked.
More recently, Chrome took aim at mixed content such as images, audio and videos allowed to load insecurely over HTTP. Apart from creating security issues, this could also be confusing for users who were confronted with 'insecure content' warnings despite the visited site using HTTPS. That initiative is still ongoing with blocking of images that don't load over HTTPS due to start from Chrome version 81, due later this month.
News URL
Related news
- Google Chrome gets a mind of its own for some security fixes (source)
- Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense (source)
- New Google Chrome feature will translate complex pages in real time (source)
- New Octo Android malware version impersonates NordVPN, Google Chrome (source)
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)
- Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation (source)
- Google increases Chrome bug bounty rewards up to $250,000 (source)