Headline

Google Chrome to block insecure downloads on HTTPS pages gradually

ZDNet reported in April 2019 about a proposal Google had made to other browser makers.

Google

Provided by: Google

The proposal was to block downloads on the browser if a user attempted to download a file over HTTP on a web page loaded using the HTTPS protocol.

Google And Google will promote this proposal for 2019 on February 6, 2019 as official and implement it on “ Google Chrome ''Announced.

According to the announced schedule, starting with "Google Chrome 83" scheduled to be released in June, it will start blocking "risk downloads".

However, it is unlikely that the company will ban all downloads via HTTP. In 2019, Google already alerted users by displaying a “Not Secure” message on the omnibox when they visited an insecure site in Chrome, There is no intention to block downloads via HTTP from pages loaded using the HTTP protocolHad statedIt seems.

The plan is to block insecure downloads [that is, via HTTP] from sites that are considered secure [loaded using the HTTPS protocol].

According to Google, if a site's URL starts with https: //, users will assume that downloads from that site will also be over HTTPS, but some sites do not. That.

On the same day, Google announced a six-step plan to progressively ban downloading over HTTP from sites loaded using the HTTPS protocol.


Chrome
Provided by: Google

Chrome 81 [March 2020]Displays a warning message on the console when attempting to download mixed content, regardless of type.

Chrome 82 [April 2020]If the mixed content to be downloaded is an executable file [for example, an .exe file], a warning is displayed.

Chrome 83 [June 2020]If the mixed content to be downloaded is an executable file, the download is blocked. When the mixed content is an archive file [.zip file] or a disk image [.iso file], a warning is displayed.

Chrome 84 [August 2020]If the mixed content to be downloaded is an executable file, an archive file, or a disk image, the download is blocked. If the mixed content has a format other than these [except for the case of image / sound / moving picture / text], a warning is displayed.

Chrome 85 [September 2020]If the mixed content to be downloaded is an image / audio / video / text, a warning is displayed. If the mixed content has a format other than these, the download is blocked.

Chrome 86 [October 2020]Block all mixed content downloads.

Google says it understands that in managed environments such as intranets, the risk of HTTP downloads may be low. In such cases, Google explains that a Chrome policy ["InsecureContentAllowedForUrls"] would allow per-site HTTP downloads in a managed environment.

This article is from overseas CBS InteractivearticleWas edited by Asahi Interactive for Japan.


Source link

Do you like this article??

Show More

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button