According to reports, tech giant Google is developing a new security feature to prevent hazardous HTTP (hypertext transfer protocol) downloads in Chrome.
An extension of HTTP called HTTPS has gained enormous popularity online.
It was previously only used with websites that required to be secured using HTTPS encryption, such as banks, but it is now almost normal.
All HTTP downloads will be prohibited by Chrome, promoting safe and secure browsing. The browser currently offers a few security features, such as mixed components and a toggle for “Always utilize secure connections” in the security settings. For older websites that merely use HTTP encryption, the browser furthermore displays a “Not Secure” warning in the address bar.
Google wants to better protect Chrome users from potentially dangerous HTTP downloads after a recent code modification. The presence that this prevents downloads from any connection, containing those that are bound with unsafe websites, goes beyond the safeguards already in place for downloading mixed content.
HTTP Page Loading
Even though HTTPS sites with encryption are fundamentally safer than HTTP sites, if they host files that can only be downloaded via the HTTP protocol, consumers may still be at risk.
Google is taking action in response to worries that many people would interpret the ‘HTTPS’ prefix and accompanying padlock in a website’s address bar as a sign that any items offered for download on the page will similarly be secure.
In a Twitter thread defending the action, DeBlasio stated that all unsafe downloads were detrimental to users’ privacy and security. “An active attacker can switch the download for a malicious one or an eavesdropper can monitor what a user is downloading.”
The security engineer said, “Think of it like mixed content limiting, but for downloads.” He was speaking to developers. Insecure content cannot be loaded on HTTPS pages, and insecure files should not be downloaded.
