After announcing plans to block intrusive video ads, silence annoying notification requests and restrict third-party cookie access on its Chrome web-browser, Google has announced new steps to protect users from insecure downloads on the internet. The company, on Thursday, said that Chrome will start gradually phasing out non-HTTPS downloads that start on secure pages. In an official blog post, the search giant said that it will implement a ‘series of steps’ to ensure that secure (HTTPS) pages only download secure files.
Starting with Chrome 82, which is slated to be released in April 2020, the browser will start warning, and later blocking, these mixed-content downloads. Executable files, including .exe and .apk, which pose the most risk, will be the first ones to be impacted by the new policy, with subsequent releases covering other file types, including archives (.zip, .iso, etc), documents (.pdf, .docx etc) and media (.png, .mp3 etc).
“This gradual rollout is designed to mitigate the worst risks quickly, provide developers an opportunity to update sites, and minimize how many warnings Chrome users have to see”, said the company. Google plans to roll out Chrome 82 with restrictions on mixed content downloads on all supported desktop platforms, including Windows, macOS, Chrome OS and Linux, before moving to mobile. It will be available on Android and iOS starting with Chrome 83 and, will come full-circle with Chrome 86 (to be released October 2020), which will block all mixed-content downloads.
Google plans to roll out more restrictions on insecure downloads in Chrome going forward, although, it isn’t immediately clear as to what those steps will be. However, for now, the company is advising developers to migrate fully to HTTPS to avoid future restrictions and protect users.