Google will block mixed content downloads in Chrome

by ·

A man-in-the-middle attack is a commonly used attack method in the network world. It intercepts user communications and returns malicious content mainly by hijacking specific servers.

Fortunately, most websites now have encrypted transmission protocols enabled to avoid hijacking, but there are still some websites that use clear text transmission protocols to download files.

In response to various man-in-the-middle attacks in the online world, Google Chrome plans to gradually block all download requests transmitted through clear text protocols in the future.

When a user downloads, Google Chrome will directly prompt the download failure and click to view the details to tell the user why the browser prevents the user from continuing the download.

Image: chromium

Of course, this improvement is not immediately available. Google plans to display warnings from Google Chrome v82 and eventually block downloads completely in v85.

  • In Chrome 81 (released March 2020) and later:
    • Chrome will print a console message warning about all mixed content downloads.
  • In Chrome 82 (released April 2020):
    • Chrome will warn on mixed content downloads of executables (e.g. .exe).
  • In Chrome 83 (released June 2020):
    • Chrome will block mixed content executables.
    • Chrome will warn on mixed content archives (.zip) and disk images (.iso).
  • In Chrome 84 (released August 2020):
    • Chrome will block mixed content executables, archives and disk images.
    • Chrome will warn on all other mixed content downloads except image, audio, video and text formats.
  • In Chrome 85 (released September 2020):
    • Chrome will warn on mixed content downloads of images, audio, video, and text.
    • Chrome will block all other mixed content downloads.
  • In Chrome 86 (released October 2020) and beyond, Chrome will block all mixed content downloads.

If the website still does not use the encrypted transmission protocol in the future, the provided file downloads will be blocked, and users will no longer be able to download these files normally.

Tags: