Google made significant strides toward making HTTP websites less appealing to visit. Whenever you visit an untrusted website, Chrome displays a full-page warning. Chrome now displays the “not secure” label in the address bar when you try to access a non-HTTPS website. Last June, Chrome introduced a toggle for “Always use secure connections.” As with many top web browsers, when enabled, this feature will switch your connection to HTTPS if you are initially on the HTTP version of the site. Now, Google is poised to extend that same protection to downloads that come from an HTTP source.
According to new code spotted in Chrome Gerrit, Google is preparing to introduce a new security feature to block “insecure” HTTP downloads. This feature builds upon the existing toggle to automatically switch your connection to HTTPS. This upcoming security option is in testing right now and will come into action when Chrome 111 launches in March.
While many would be thinking that Chrome already blocked insecure downloads so what’s the difference in this new security feature? It’s quite simple. In the old versions, users were automatically blocked from downloading unencrypted files and filling out online forms, while in the new ones, users are blocked from downloading from non-HTTPS sources if they click on an HTTPS download link and are then redirected to an insecure HTTP server.
Chrome 111 isn’t expected to be released until March, so the upcoming protection tool may be available later this year. If Chrome is initially released for testing, it’s likely to be hidden behind a Chrome flag that you must find yourself.