Product reviews, deals and the latest tech news

Google Chrome will soon make it hard to download files from sneaky HTTP sources

Google has made great progress in its mission to devalue HTTP webpages. Since Chrome 94, if you try to access an insecure website, you’ll be met with a full-page warning. This works in tandem with the “not secure” warning that appears in the browser’s address bar whenever a non-HTTPS site is accessed. The option to “Always utilise secure connections” was introduced in Chrome in June of last year. If you’ve arrived on an HTTP version of a website and have this option turned on, your browser will try to redirect you to the secure HTTPS version of the site. This security will soon be available for downloads from any HTTP source, since Google is planning to roll it out.

Chrome has been found to have some new code in it. Gerrit suggests that the search engine giant is working on a new security feature to prevent “insecure” downloading from HTTP sites. This is an improvement over the current toggle that forces an HTTPS connection. The security feature is now under beta testing, but more users should have access to it when Chrome 111 is released in March.

Perhaps it is worth remembering that Chrome already prevents unsafe downloads. Downloads and online forms that are not encrypted are also immediately prohibited, regardless of whether they come from an HTTPS or non-HTTPS site. It happens when you try to download anything via an HTTPS connection but are instead sent to an unsecured HTTP server. An future update to Chrome will prevent it from processing any downloads from sites that aren’t encrypted using HTTPS.

The restriction is only another security warning, not an ultimate protection against hazardous downloads, as 9to5 points out.

The new security feature may not be released until later in 2018 since Chrome 111 won’t enter production until March. If it is available for testing in Chrome, it will probably be concealed behind a Chrome flag that you will have to find yourself.