Google is acting on concerns that many users will see the ‘HTTPS’ and accompanying padlock in a site’s address bar as indicators that any files available for download on the page will also be secure. While encrypted HTTPS sites are inherently more secure than HTTP sites, if they host files that are downloaded using the HTTP protocol they could still be putting users at risk. Google is launching a phased rollout of mixed content downloads Positive trust indicators In Chrome 86 and beyond (released October 2020), Chrome will block all mixed content downloads. The download restrictions, which were first outlined in April 2019, will then widen to include archives (.zip) and disk images (.iso) in Chrome 84, slated for an August rollout, then other mixed content apart from images, audio, video, and text in Chrome 85 in September. exe – the most common vehicles for malware – would initially be blocked in June’s release of Chrome 83. In a post published on the Google Security Blog last week, Joe DeBlasio of Chrome’s security team outlines how mixed content downloads of executables such as. HTTPS padlock gives users a false sense of security when downloading filesĬhrome will start blocking HTTP downloads started on secure (HTTPS) web pages – so-called ‘mixed content downloads’ – in a phased rollout culminating in October’s release of Chrome 86.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |