Google Chrome to Block Downloads from Unsecured Locations
Google is set to make significant changes to the Google Chrome browser that would eventually lead to entirely blocking the download of files from HTTP (unencrypted) sources, starting with Chrome 83.
The new measure announced by Google refers to “mixed content downloads,” including all non-HTTPS downloads started on secure pages. Eventually, Google plans to block all insecure sub-resources on secure pages.
Google plans to focus on downloaded files from unsecured locations but offered to users on secured websites. Bad actors can use this type of download to push files infected with malware or provide eavesdroppers with a way to read insecurely-downloaded bank statements.
“Starting in Chrome 82 (to be released April 2020), Chrome will gradually start warning on, and later blocking, these mixed content downloads,” explains Joe DeBlasio from the Chrome security team.
“File types that pose the most risk to users (e.g., executables) will be impacted first, with subsequent releases covering more file types. This gradual rollout is designed to mitigate the worst risks quickly, provide developers an opportunity to update sites, and minimize how many warnings Chrome users have to see.”
The rollout is scheduled to begin with Chrome 81 (March 2020), but only a console warning will be offered. Chrome 86 (October 2020) will block all content from an unsecured location, including executables, archives, documents, images, audio, video, text, and miscellaneous.
Mobile users, on Android and iOS, will get a reprieve of one release as it’s believed that the current platforms have better native protection against malicious files. Google encourages developers to migrate fully to HTTPS to avoid any future restrictions.
The Holiday Guide to Tech Support: Fixing the Family Computer
November 24, 2021
Bitdefender Celebrates 20 Years of Cybersecurity Leadership
November 04, 2021
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords
October 26, 2021
What are drive-by download attacks and how do you prevent them?
October 25, 2021
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks
October 22, 2021
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals
October 20, 2021