Google Chrome will soon make it difficult to download files from incognito HTTP sources

However, you can still bypass the upcoming security feature.

Google has made significant progress in making HTTP websites less attractive to visit. Since Chrome 94, the web browser displays a full-page warning to prevent you from visiting an unsafe website. This is in addition to the “not secure” label that appears in the address bar when you try to open a non-HTTPS website. Last June, Chrome added a switch for “Always use a secure connection.” When enabled, this feature attempts to switch your connection to the HTTPS version of a website when you originally visited its HTTP version, as many great web browsers do. Now Google is ready to extend the same protection to downloads from HTTP sources.

New code discovered in Chrome Gerrit indicates that the search giant is preparing to introduce a new security option to block “unsafe” downloads from HTTP sites. It essentially builds on the existing toggle that automatically switches your connection to HTTPS. Currently, the security option is in development, but according to 9to5Google, more testers will be requested when Chrome 111 launches in March.

It’s probably worth noting that Chrome already blocks insecure downloads. Specifically, unencrypted downloads and online forms are automatically blocked even if they originate from an HTTPS website. This occurs when you click on an HTTPS download link and are redirected to an unsecured HTTP server. With the upcoming feature, Chrome will block all downloads that originate from a non-HTTPS source.

However, if you’re willing to take the risk to get the file you need, 9to5 points out that it’s still possible to bypass the block – making it just another kind of security warning, rather than full protection against unsafe downloads. .

With Chrome 111 not expected to begin production until March, the upcoming security device could arrive later this year. It’s likely that, like every other Chrome feature originally released for testing, it’s hidden behind a Chrome flag that you’ll have to find on your own.

Source