Hot News
Chrome to Block Insecure Downloads
2020-02-16 08:00  Browse:11

Downloading files on Google's browser is set to become safer with the launch of Chrome 82.

Later this year, Chrome will block so-called "mixed content downloads," which are web pages secured using HTTPS serving a download from a non-HTTPS source, Joe DeBlasio from the Chrome security team writes on the Google Security Blog.   

Right now it's possible to visit a secure web page and download content from an insecure location without Chrome flagging a security risk. And there is a real risk, because if the download is coming from a non-HTTPS location there's a chance a hacker could switch the download for malware and users would be none the wiser until they accessed the downloaded content.

Blocking of content won't happen immediately. When Chrome 82 arrives in April, Google will display a warning for any executables downloaded from an insecure address. From Chrome 83 onwards, such downloads will be simply blocked. The warn-block process will be implemented in stages for archives, "all other non-safe types," and finally images, audio, video, and text files. The schedule for implementing warnings and blocking is detailed in the table above.

The restrictions will be rolled out across Windows, macOS, Chrome OS, and Linux versions of Chrome. Android and iOS versions will get the same, but delayed by one release so developers have more time to update their mobile experience for users. Google also points out mobile users already get "better native protection against malicious files."


  • Chrome 80 Is Less Annoying Thanks to Fewer Pop-Ups

  • Google's Chrome to Phase Out Third-Party cookies in 2 Years

  • Google Ends Support for Chrome Apps in June 2022

While this is a positive move for users, it's going to cause a lot of work for website owners, especially those who serve a lot of files and haven't switched over to HTTPS yet. But it's work that needs to happen and there's no bigger incentive to get on with it than Google threatening to show download warnings for your site.