Starting with version 83, Google Chrome will block all "insecure downloads" from https sites

Written 4 months ago by IanDorfman

Google is looking to further protect Internet users that are more casual or less security-oriented by blocking certain insecure elements of the web. Starting with version 83, this includes files downloaded from websites that are seemingly secure https sources but are actually http.

In a blog post written by Chrome Security team member Joe DeBlasio, these so-called "mixed content downloads" (non-HTTPS downloads started on HTTPS pages) are seen by Google as a security and privacy risk for anyone using Small Google Chrome iconGoogle Chrome to browse the Internet. The incremental rollout of different types of files is the first step of several that the company will be taking to harden the browser's security for users that are less tech savvy or prefer not to use content blockers to sure up their security.

The first step to this mixed content download blocking plan comes in version 82 of Chrome, set to be released in April. Executing files (such as exes) downloaded from insecure sources will trigger a warning. In version 83, they will be blocked from the browser entirely. By version 86, all files downloaded via non-https sources found on https websites (including images, audio, movies, and text) will be blocked by Chrome. The timeline can be found as the header image above this news article.

This will as of yet not impact Small Chromium iconChromium or other web browsers that are built from it (such as the new Small Microsoft Edge iconMicrosoft Edge. Other web browsers not powered by Chromium, such as Small Mozilla Firefox iconMozilla Firefox, will also continue to support downloading files from insecure sources on HTTPS websites.

Further coverage:
Chromium Blog
gHacks Tech News