Google today announced that it would soon warn Chrome users about “insecure” downloads, the first move in a plan to block them entirely.
“Today we’re announcing that Chrome will gradually ensure that secure (HTTPS) pages only download secure files,” said Joe DeBlasio of the Chrome security team in a blog post. “Insecurely-downloaded files are a risk to users’ security and privacy. For instance, insecurely-downloaded programs can be swapped out for malware by attackers and eavesdroppers can read users’ insecurely-downloaded bank statements.”
In April, starting with Chrome 82, the browser will warn users who are about to downloaded mixed content executables from a secure website. That pop-up, according to Google, will look like the image below.
“In the future, we expect to further restrict insecure downloads in Chrome,” DeBlasio wrote.
Both of the scheduled warnings are also coming to the iOS and Android versions of Chrome, though they may be slightly delayed.
You can expect all mixed content downloads — the insecure ones anyway — to be blocked in Chrome 86, which Google estimates will launch in October. The chart below helps to better outline the release scheduled and what you can expect from future versions of Chrome.