Chrome may allow you to block potentially insecure HTTP downloads
HTTPS definitely became a standard quite some time ago, but HTTP is still very much present. HTTPS encryption is miles ahead of what HTTP offers, and it became a standard for a reason. Google has been encouraging the use of HTTPS for a long time. Chrome marks older HTTP websites as “Not Secure”, and it has been that way for a while. It also blocks secure websites from using insecure web forms, or offering insecure downloads. In other words, it blocks “mixed content” because it believes is insecure. Now, a new code change has been spotted. It suggests Google wants to expand its toggle to protect Chrome users from potentially insecure HTTP downloads. Needless to say, this goes beyond the “mixed content” download protections.
This is how it will work
How would this work exactly? Well, for example, if you click on an HTTPS download link, and you get redirected to a potentially insecure HTTP server followed by a final HTTPS connection, Chrome would block it, and mark it as unsafe. The same goes for browsing websites that are only in HTTP, including their downloads, of course. Don’t worry, though, just like with the “mixed content”, you’ll be able to bypass this block, if you trust the source. This feature will first arrive in the form of a Chrome flag, as many other similar features. Following that, it’s expected to become a standard in Google Chrome. Broader testing is expected to start in March 2023. The final release is expected later in 2023, in case you’re wondering.
