Chrome becomes a policeman: from version 82 it will report and block "unsafe" downloads
In an attempt to push more developers to switch to HTTPS, Chrome will introduce a new policy starting in spring: it will first warn about, and subsequently block, non-HTTPS downloads started from HTTPS pages.
In recent days, Google has revealed some important details about the roadmap for the next versions of the Chrome browser, and about the new warning (and blocking) modes that will apply to "unsafe" downloads started from HTTPS web pages.
"We announce that Chrome will gradually ensure that only secure files can be downloaded from HTTPS secure pages. Files downloaded in an unsafe manner are a risk to the safety and privacy of users. For example, programs downloaded in an unsafe manner can be replaced with malware from attackers. In contrast, attackers could intercept bank statements downloaded in an unsafe manner," explained Chrome security officer Joe DeBlasio in a post on the official blog. Chrome speaks of "mixed content" or of "unsafe" elements, i.e., elements loaded from non-HTTPS sites within HTTPS sites.
A gradual rollout is the key feature of the release plan that Chrome has in mind: starting from version 82, which is expected to be released in April, the browser will warn users if they are about to download unsafe executables from an HTTPS website.
As can be seen from the diagram published on the blog, with the release of version 83 executables will instead be blocked outright, while the warning will apply to archives. The same cadence continues: in Chrome 84, the warnings will cover .doc and .pdf documents, while archives will be blocked; in version 85, the warnings will extend to audio files, images, and videos; and finally, from version 86, Chrome will block all unsafe downloads within an HTTPS site. According to Google, Chrome 86 will be released approximately during the month of October.
The strategy will also be pursued for the Android and iOS versions of Chrome, but the roadmap will be delayed by one version. DeBlasio points out: "Chrome will postpone the rollout for Android and iOS, by starting the alerts from Chrome 83. Mobile platforms have better native protection against dangerous files, and this will give developers a little advantage in updating their sites before impacting mobile users."
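
For site owners who want to check their own pages against this schedule, here is an added example (not code from Google or from the original article) that lists the http:// links on an HTTPS page and reports what Chrome would do with each at a given version, on desktop or mobile. The extension sets, the example.test hostnames, the function names and the blocking of documents in version 85 (inferred from the stated cadence) are assumptions.

```python
import posixpath
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# (class, desktop version that starts warning, extensions). Blocking follows one
# release later; extension sets and the document block at 85 are assumptions.
SCHEDULE = [
    ("executable", 82, {".exe", ".msi", ".dmg", ".apk"}),
    ("archive", 83, {".zip", ".iso", ".tar", ".gz"}),
    ("document", 84, {".doc", ".pdf"}),
    ("media", 85, {".mp3", ".png", ".jpg", ".mp4"}),
]
BLOCK_ALL = 86  # desktop version from which every insecure download is blocked

# Constructed sample page, assumed to be served from https://example.test/
SAMPLE = """<a href="http://cdn.example.test/setup.EXE">installer</a>
<a href="http://cdn.example.test/backup.zip?v=2">archive</a>
<a href="/files/report.pdf">same-origin, inherits https</a>
<a href="http://cdn.example.test/manual.pdf">manual</a>"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def chrome_action(url, version, mobile=False):
    if mobile:
        version -= 1  # Android/iOS follow the same steps one release later
    if version >= BLOCK_ALL:
        return "block"
    ext = posixpath.splitext(urlparse(url).path)[1].lower()
    for _name, warn_from, exts in SCHEDULE:
        if ext in exts:
            if version > warn_from:
                return "block"
            return "warn" if version == warn_from else "allow"
    return "allow"  # unlisted types are untouched until BLOCK_ALL

def audit(page_url, html, version, mobile=False):
    if urlparse(page_url).scheme != "https":
        return []  # the policy only covers downloads started from HTTPS pages
    collector = LinkCollector()
    collector.feed(html)
    urls = (urljoin(page_url, h) for h in collector.hrefs)
    return [(u, chrome_action(u, version, mobile)) for u in urls if urlparse(u).scheme == "http"]
```

Calling audit("https://example.test/", SAMPLE, 83) returns each insecure link with "allow", "warn" or "block"; any link that is not "allow" at the target version should be moved to HTTPS before that release ships.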