Google has unveiled plans to first warn Chrome users about "unsafe" downloads and then block them altogether. "We are announcing today that Chrome will gradually ensure that secure sites (HTTPS) only download secure files," said Joe DeBlasio of the Chrome security team in a blog post. "Insecurely downloaded files endanger the security and privacy of users. For example, maliciously downloaded programs can be swapped by attackers for malware, and eavesdroppers can read users' uncertainly downloaded bank statements."
Starting in Chrome 82, due to be released in April, Chrome will warn users when they are about to download a mixed content executable, that is, an executable served over plain HTTP from a secure website.
When version 83 is released, these executable downloads will be blocked and the warning will extend to archive files. PDF and DOC files will trigger warnings in Chrome 84, and audio, image, text and video files in version 85. Eventually, all mixed content downloads (a non-secure file that comes from a secure site) will be blocked, starting with the release of Chrome 86. Google currently expects to release that build of the popular web browser in October. The following table shows the Chrome team's current plan:
Image: Google
"We expect to be able to further limit unsafe downloads in Chrome in the future," DeBlasio wrote. This is part of Google's effort to move developers fully to HTTPS. Over the past year, Google has started preventing HTTPS websites from loading insecure page resources.
These warnings also apply to the Android and iOS versions of Chrome. However, the rollout on the mobile platforms runs behind the schedule above.
Chrome will delay the launch for Android and iOS users by one version and start showing warnings in Chrome 83. Mobile platforms offer better native protection against malicious files. The delay gives developers a head start in updating their websites before mobile users are affected.
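For site owners preparing for this rollout, the sketch below (an added example, not code from Google or the Chrome team) scans the HTML of an HTTPS page for download links that resolve to plain HTTP and reports the Chrome version at which each one starts to warn and is blocked, following the schedule described above. The extension lists, the sample markup and the assumption that the one-version mobile delay shifts blocking as well as warnings are illustrative choices, not Chrome's own rules.

```python
import posixpath
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# category: (warn_from, blocked_from) desktop versions from the article. Only
# executables get an explicit block version; the rest fall under Chrome 86.
SCHEDULE = {"executable": (82, 83), "archive": (83, 86), "document": (84, 86),
            "media_or_text": (85, 86), "other": (None, 86)}
# Assumption: illustrative extension lists, not Chrome's internal ones.
EXTENSIONS = {"executable": {".exe", ".msi", ".dmg", ".apk"},
              "archive": {".zip", ".iso", ".tar", ".gz"},
              "document": {".pdf", ".doc", ".docx"},
              "media_or_text": {".mp3", ".mp4", ".png", ".jpg", ".txt"}}

class _Anchors(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []  # (href, has_download_attribute)
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append((a["href"], "download" in a))

def audit(page_url, html, mobile=False):
    """Return (url, category, warn_from, blocked_from) per insecure download."""
    if urlsplit(page_url).scheme != "https":
        return []  # the policy concerns downloads started from secure pages
    parser = _Anchors()
    parser.feed(html)
    shift = 1 if mobile else 0  # article: Android/iOS run one version behind
    findings = []
    for href, forced in parser.links:
        parts = urlsplit(urljoin(page_url, href))  # resolves relative links
        ext = posixpath.splitext(parts.path)[1].lower()
        cat = next((c for c, e in EXTENSIONS.items() if ext in e), "other")
        if parts.scheme != "http" or (cat == "other" and not forced):
            continue  # secure target, or an ordinary navigation link
        warn, block = SCHEDULE[cat]
        findings.append((parts.geturl(), cat, warn and warn + shift, block + shift))
    return findings

# Constructed sample page, not taken from any real site.
SAMPLE = """<a href="http://cdn.example.com/setup.exe">Installer</a>
<a href="https://cdn.example.com/setup.zip">Mirror</a>
<a href="/files/statement.pdf">Statement</a>
<a href="http://files.example.com/export?id=7" download>Export</a>
<a href="http://example.com/about">About</a>"""
if __name__ == "__main__":
    print(*audit("https://www.example.com/downloads", SAMPLE), sep="\n")
```

A static scan like this only sees links present in the markup; downloads started by script or reached through an HTTPS-to-HTTP redirect need to be checked in the browser itself.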