Mixed content downloads will be blocked by the browser

Feb 7, 2020 08:17 GMT

Google has recently announced a new security feature for the Chrome browser that will block insecure downloads by default.

Technically, Google considers a download insecure when the file is offered over HTTP after the user started on an HTTPS website.

The mixed content download blocker will be released as part of a gradual rollout beginning with Chrome 82, which will go live in April 2020.

“Insecurely-downloaded files are a risk to users' security and privacy. For instance, insecurely-downloaded programs can be swapped out for malware by attackers, and eavesdroppers can read users' insecurely-downloaded bank statements. To address these risks, we plan to eventually remove support for insecure downloads in Chrome,” Joe DeBlasio, part of the Chrome security team, says.

Gradual rollout

Beginning with Google Chrome 81, the browser will issue console warnings for executables, archives, images, audio, text, video, and documents whenever mixed content downloads are detected. The rollout will continue with an update in Chrome 82, when warnings will also be issued for executables.

In Chrome 83, mixed content downloads of executables will be blocked by default, and each new version of the browser will add further restrictions for the rest of the file formats.

Similar features will be implemented in Chrome on mobile devices, so Android and iOS users will also be protected from mixed content downloads. However, the rollout on mobile devices will be delayed by one release, which means the warnings will be issued beginning with Chrome 83.

“Mobile platforms have better native protection against malicious files, and this delay will give developers a head-start towards updating their sites before impacting mobile users,” DeBlasio explains.
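For site owners preparing for the change, the following added example (not code from Google or from the original article) statically audits the HTML of an HTTPS page for download links that resolve to plain HTTP. The extension-to-category map, the function names and the `.test` hosts are assumptions made for illustration; only links present in the markup are checked.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
import posixpath

# Assumed extension map for the file classes the article lists (not Chrome's own list).
CATEGORIES = {
    "executable": {".exe", ".msi", ".dmg", ".apk"},
    "archive": {".zip", ".gz", ".7z", ".iso"},
    "document": {".pdf", ".doc", ".docx", ".xlsx"},
    "image": {".png", ".jpg", ".gif"},
    "audio": {".mp3", ".wav"}, "video": {".mp4", ".webm"},
    "text": {".txt", ".csv"},
}

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self.base = [], None   # links: (href, has_download_attr)
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and self.base is None and attrs.get("href"):
            self.base = attrs["href"]      # first <base href> rebases relative links
        elif tag == "a" and attrs.get("href"):
            self.links.append((attrs["href"].strip(), "download" in attrs))

def classify(url):
    ext = posixpath.splitext(urlsplit(url).path)[1].lower()
    return next((c for c, exts in CATEGORIES.items() if ext in exts), "other")

def find_mixed_downloads(page_url, html):
    """Return [(absolute_url, category)] for HTTP downloads linked from an HTTPS page."""
    if urlsplit(page_url).scheme != "https":
        return []                          # only secure pages can have mixed content
    parser = LinkCollector()
    parser.feed(html)
    base = urljoin(page_url, parser.base) if parser.base else page_url
    findings = []
    for href, forced in parser.links:
        target = urljoin(base, href)       # resolves relative and //host links
        category = classify(target)
        if urlsplit(target).scheme == "http" and (forced or category != "other"):
            findings.append((target, category))  # plain http navigation is skipped
    return findings

SAMPLE_PAGE = "https://shop.example.test/downloads/index.html"  # constructed sample
SAMPLE_HTML = """<a href="http://files.example.test/setup.exe">Installer</a>
<a href="//cdn.example.test/pack.zip">Pack</a>
<a href="http://files.example.test/statement" download>Statement</a>
<a href="http://blog.example.test/news">Blog</a>"""
```

Calling `find_mixed_downloads(SAMPLE_PAGE, SAMPLE_HTML)` reports the installer and the `download`-attribute link; the protocol-relative link inherits HTTPS and the blog link is treated as navigation.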

Most likely, the other Chromium-based browsers, including Microsoft Edge, will follow in Google Chrome’s footsteps with additional blockers for mixed content downloads beginning with the next updates for the stable channel.