Google has recently announced a new security feature coming to Google Chrome that would essentially block insecure downloads in the browser, adding a new protection layer to devices where the application is installed.
These include both desktop and mobile, as Google wants to introduce the insecure download blocker on Windows, Linux, macOS, Android, and iOS at some point in the near future.
First of all, what’s an insecure download?
Google uses this term to refer to mixed content downloads, which essentially are downloads through HTTP pages but which start on HTTPS. So technically, you load a HTTPS website, click through a series of pages (all HTTPS), and then when you attempt to download a file, it’s served from a HTTP page. This mixed content approach doesn’t sit well with Google’s attempt to block insecure subresources on secure pages, so the company wants to eventually block all these downloads in Chrome browser.
“Insecurely-downloaded files are a risk to users’ security and privacy. For instance, insecurely-downloaded programs can be swapped out for malware by attackers, and eavesdroppers can read users’ insecurely-downloaded bank statements. To address these risks, we plan to eventually remove support for insecure downloads in Chrome,” Google says.
The company has already shared a schedule for introducing this new functionality, and we’ll discuss it in a few minutes, but for now, let’s see how you can enable it ahead of everyone else.
First of all, you must be running the latest version of Google Chrome Canary – I tested this method on version 82.0.4051.0, so make sure you are running at least this build.
Once you launch the browser, type the following code in the address bar:
chrome://flags
Next, in the address bar, look for the following flag:
Treat risky downloads over insecure connections as active mixed content
As a shortcut, you can use the following code, which you can paste right in the Chrome address bar:
chrome://flags/#treat-unsafe-downloads-as-active-content
The default setting of the flag means it’s disabled in the current version of Google Chrome, so you need to click the drop-down button and then switch it to enabled. You’ll have to reboot your browser for the new settings to come into effect.
Whenever a download is served from a mixed content page, you should see the following message in the download bar at the bottom:
File.exe can’t be downloaded securely.
The release schedule of the new feature is this:
- Google Chrome 81 (March 2020) – console warning for all types of files
- Google Chrome 82 (April 2020) – warning for executables + console warning for other file types
- Google Chrome 83 (June 2020) – block executables + warning for archives + console warnings for other file types
- Google Chrome 84 (August 2020) – block executables and archives + warning for documents + console warning for media files
- Google Chrome 85 (September 2020) – block executables, archives, documents + warning for…
https://news.softpedia.com/news/how-to-try-out-the-new-insecure-download-blocker-in-google-chrome-529130.shtml