Chrome will connect users to HTTPS websites instead of HTTP websites by default
For security reasons, Google Chrome has been committed for many years to promoting the migration of the entire Internet to encrypted connections, that is, using digital signatures and encryption to protect traffic between networks.
At present, most websites in the world have completed the deployment of encrypted traffic, but some websites still use plaintext connections.
For users, plaintext connections are extremely risky and vulnerable to man-in-the-middle attacks. Therefore, current mainstream browsers recommend that users use encrypted network connections.
For websites that do not force a redirect from the plaintext connection to the encrypted connection, Google Chrome has also decided to take the necessary measures to ensure security.
The security measure adopted by Google Chrome is that if the user enters an address in the address bar without the HTTPS prefix, the browser will use HTTPS to connect by default.
Theoretically, if the website has deployed mandatory redirection, a user accessing it over HTTP will also be redirected to HTTPS, but there are still security risks in the redirection process.
That is, an attacker can hijack the connection and direct users to a phishing website during the jump from HTTP to HTTPS. The measures Google has taken are meant to avoid this risk.
When the user enters a URL, Google Chrome will try to connect using HTTPS by default, and it will fall back to HTTP only when the HTTPS connection cannot be completed.
This feature will be enabled by default in Google Chrome version 90. In the beta version, users can turn this feature on through an experimental option.
Interested users can turn on this option for testing: chrome://flags/#omnibox-default-typed-navigations-to-https.
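The difference between the old HTTP-first default and the HTTPS-first default described above, as an added example that is not from the original article or from Chrome's code: a small Python model that lists which requests leave the browser in plaintext for an address typed without a scheme. The site table, the function names and the `.example` hosts are constructed assumptions.

```python
# Constructed site models (assumptions for illustration, not measurements).
SITES = {
    "redirecting.example": {"https": True, "http": "redirect"},  # HTTP redirects to HTTPS
    "dual.example": {"https": True, "http": "serve"},    # serves both, no redirect
    "legacy.example": {"https": False, "http": "serve"},  # HTTP only
}

def resolve_typed(typed, https_first):
    """Model a scheme-less address typed into the address bar.

    Returns (requests_sent, final_url)."""
    host, _, rest = typed.partition("/")
    path = "/" + rest
    site = SITES[host]
    schemes = ["https", "http"] if https_first else ["http"]
    sent = []
    for scheme in schemes:
        url = f"{scheme}://{host}{path}"
        sent.append(url)
        if scheme == "https":
            if site["https"]:
                return sent, url
            continue  # HTTPS could not be completed: fall back to HTTP
        if site["http"] == "redirect":
            target = f"https://{host}{path}"
            sent.append(target)  # redirect followed after a plaintext hop
            return sent, target
        return sent, url
    return sent, None

def plaintext_requests(sent):
    """Requests that an on-path attacker could read or rewrite."""
    return [u for u in sent if u.startswith("http://")]

def compare(typed):
    """Plaintext exposure of one typed address under both defaults."""
    out = {}
    for label, flag in (("http_first", False), ("https_first", True)):
        sent, final = resolve_typed(typed, flag)
        out[label] = {"final": final, "plaintext": plaintext_requests(sent)}
    return out

if __name__ == "__main__":
    for typed in ("redirecting.example/login", "dual.example", "legacy.example"):
        print(typed, compare(typed))
```

Only the HTTP-only site still produces a plaintext request under the HTTPS-first default, which is the fallback case the article describes.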
Via: ZDNet