Skip to content

Google Chrome Puts Measures to Protect Users from Insecure Downloads

On February 6, 2020, Google announced that Chrome would gradually certify that secure (HTTPS) pages only download safe files. The platform started blocking “mixed content downloads” (non-HTTPS downloads started on secure pages) using a series of steps that it outlined.

The cybersecurity move follows a plan highlighted in October 2019 to begin blocking all the insecure sub-resources on secure pages. Insecurely-downloaded files present major risks to users’ privacy and security.

For example, insecurely-downloaded programs can be substituted with malware by attackers. Moreover, the eavesdroppers can read the unsuspecting users’ insecurely-downloaded bank statements.

To solve these challenges, Google plans to eliminate support for insecure downloads in Chrome. The first step is to remove the insecure downloads started on secure pages since these cases affect unsuspecting Chrome users whose privacy and security are at risk.

Chrome will start warning on and later blocking the mixed content downloads beginning with Chrome 82 that will be released in April 2020. All the files that pose the most risks will be targeted first, and the subsequent releases will cover more file types

Image by Joe DeBlasio, Chrome security team.

The continuous rollout is set up to neutralize the worst risks rapidly, enabling developers to update sites and reduce the number of warnings that Chrome users have to see.

Google plans to roll out restrictions on mixed content downloads on desktop platforms first, which include Chrome OS, Windows, Linux, and macOS.

Delays

Chrome announced that it would delay the rollout for iOS and Android users by one release. They will start the warnings in Chrome 83. Mobile platforms have enhanced native protections against malicious files.

Hence, the delay will enable developers to prepare adequately while updating their sites before focusing on mobile users.

Developers aim to ensure that the users do not see any download warnings. They will achieve that by ensuring downloads only use HTTPS.

In the Chrome Canary or Chrome 81, once released, developers can activate a warning on all the mixed content downloads for testing by activating the “Treat risky downloads over insecure connections as active mixed content” flag.

Education and enterprise customers can disable the block on a per-site basis via the existing InsecureContentAllowedForUrls policy. They will do so by adding a pattern that matches the page requesting the download.

It is expected that a further restriction of insecure downloads in Chrome will be implemented in the future. Developers should migrate to HTTPS entirely to avoid any future restrictions and guarantee that they protect their users entirely.

Best Crypto Exchange for Intermediate Traders and Investors

  • Invest in cryptocurrencies and 3,000+ other assets including stocks and precious metals.

  • 0% commission on stocks - buy in bulk or just a fraction from as little as $10. Other fees apply. For more information, visit etoro.com/trading/fees.

  • Copy top-performing traders in real time, automatically.

  • eToro USA is registered with FINRA for securities trading.

30+ million Users
Securities trading offered by eToro USA Securities, Inc. (“the BD”), member of FINRA and SIPC. Cryptocurrency offered by eToro USA LLC (“the MSB”) (NMLS: 1769299) and is not FDIC or SIPC insured. Investing involves risk, and content is provided for educational purposes only, does not imply a recommendation, and is not a guarantee of future performance. Finbold.com is not an affiliate and may be compensated if you access certain products or services offered by the MSB and/or the BD

Read Next:

Finance Digest

By subscribing you agree with Finbold T&C’s & Privacy Policy

Related posts

Sign Up

or

By submitting my information, I agree to the Privacy Policy and Terms of Service.

Already have an account?

Services

IMPORTANT NOTICE

Finbold is a news and information website. This Site may contain sponsored content, advertisements, and third-party materials, for which Finbold expressly disclaims any liability.

RISK WARNING: Cryptocurrencies are high-risk investments and you should not expect to be protected if something goes wrong. Don’t invest unless you’re prepared to lose all the money you invest. (Click here to learn more about cryptocurrency risks.)

By accessing this Site, you acknowledge that you understand these risks and that Finbold bears no responsibility for any losses, damages, or consequences resulting from your use of the Site or reliance on its content. Click here to learn more.