Security is something that Google is taken very seriously (privacy is another matter), so the search giant is working to introduce new security features in Chrome that will voluntarily block potentially unsafe downloads.
The Mountain View corporation is improving the “Always use secure connections” option, which can be found in Settings > “Privacy and security” and is disabled by default. When this option is enabled with its future possibilities, Google Chrome (and other Chromium browsers that include this option) will take care of block a download that, for example, is done via HTTP on a website that initially uses HTTPS. Depending on the merge request, the lock will be triggered in the following situations:
- The page with the download link is insecure.
- The final URL used is insecure.
- Any redirect is insecure.
The “Always use secure connections” feature is already available in Google Chrome and other Chromium browsers, but Google is working to extend and improve its functionality and is considering adding support to block all potentially unsafe downloads in the future. The objective is block any download originating from an HTTP source even when used as an address string redirect.
Because it is still under development, initially it would be supplied as a flag that would add additional possibilities to the aforementioned “Always use secure connections” option, so it would require a double activation, one in the section flags and another in the browser settings.
Blocking insecure downloads is not something unique to Chrome, as Mozilla has been working on something very similar in Firefox for a long time, and that is that HTTP connections, because they are not encrypted, give malicious actors the chance to intercept and read the data to simply spy on and try to carry out more complex attacks.