MANILA, Philippines – Google will beef up security on the Chrome browser by phasing out insecure downloads through a gradual patching process.
Joe DeBlasio of Chrome's security team said in a blog post last Thursday, February 6, that the company was working to gradually ensure "secure (HTTPS) pages only download secure files."
The company explained insecurely-downloaded files can be a security and privacy risk as these downloads can be "swapped out for malware by attackers and eavesdroppers can read users’ insecurely-downloaded bank statements.” Meanwhile the gradual rollout will be done "to mitigate the worst risks quickly, provide developers an opportunity to update sites, and minimize how many warnings Chrome users have to see."
The process will start with the launch of Google Chrome 82 around April, when the browser will begin sending out warnings for, then eventually outright blocking, mixed content downloads. Mixed content downloads are a type of download Google defined as "non-HTTPS downloads started on secure pages."
The warnings and blockings will impact file types potentially posing the greatest risks first, such as executables, and further releases will expand the coverage to other file types.
Desktop platforms, namely Windows, macOS, Chrome OS, and Linux, will be affected first, while Android and iOS will start their process one iteration later, beginning with Chrome 83 instead. Desktop platforms are expected to block all mixed content downloads by Chrome 86, scheduled for an October 2020 release. – Rappler.com