Tech Forums & Message Boards. Discuss Newest & Greatest Tech Trends. › Tech Forums & Message Boards. Discuss Newest & Greatest Tech Trends. › General Talk › Chrome 82: Clamping down on risky downloads
MemberSeptember 14, 2021 at 10:11 am
Starting with Chrome 82 – it arrives April 28 – the browser will warn users when executable files begin their downloading from a secure page (one marked as HTTPS) but actually transfer their bits over an insecure HTTP connection. “These cases are especially concerning because Chrome currently gives no indication to the user that their privacy and security are at risk,” Joe DeBlasio, a software engineer on the Chrome security team, wrote in a Feb. 6 post to a company blog.
As of Chrome 83, the version scheduled to release June 9, Google will drop the hammer, barring those executable files from downloading.
Over several more versions of the browser, Google will first warn, then block, additional file types, including (in order) archives such as .zip; “all other non-safe types, like .pdf and .docx; then finally image files, such as .png. For example, Chrome 83 will institute warnings for archives (and Chrome 84 will block them), while Chrome 84 will alert users about .pdfs with Chrome 85 blocking them.
Chrome 84 is to release Aug. 4; Chrome 85 debuts Sept. 15.
“This gradual rollout is designed to mitigate the worst risks quickly, provide developers an opportunity to update sites, and minimize how many warnings Chrome users have to see,” added DeBlasio.
By Chrome 86 (an Oct. 27 appearance), the browser will be blocking “all mixed-content downloads,” DeBlasio concluded.
Enterprises and other organizations managing Chrome can disable this future blocking on a per-site basis using the InsecureContentAllowedForUrls policy.