Back in July of 2021, Google stated that it was looking to expand HTTPS adoption with its HTTPS-First mode. This was just months after Google announced that it will default to HTTPS for incomplete URLs. HTTPS-First can be enabled inside the browser Settings by turning on the "Always use secure connections" inside Privacy and Security > Security.
Earlier today, the Chromium team announced that it will make HTTPS (Hypertext Transfer Protocol Secure) default very soon. This means Google will check for a secure network connection and upgrade to HTTPS automatically, though, there will be a fallback mode as well, just in case HTTPS is not available on a website. It is currently in the testing phase on Chrome version 115.
In its announcement post, the Chromium team explains:
Chrome will automatically upgrade all http:// navigations to https://, even when you click on a link that explicitly declares http://.
.. Chrome will detect when these upgrades fail (e.g. due to a site providing an invalid certificate or returning a HTTP 404), and will automatically fallback to http://. This change ensures that Chrome only ever uses insecure HTTP when HTTPS truly isn't available, and not because you clicked on an out-of-date insecure link. We're currently experimenting with this change in Chrome version 115
Another extension of this security measure is that Chrome will soon start warning against potentially malicious content, ie, when a user tries to download a risky file over an insecure connection. The Chromium team explains that it will not warn about typically secure files like images, audio/music files, or video files.
Chrome will start showing a warning before downloading any high-risk files over an insecure connection.
[..]
This warning aims to inform people of the risk they're taking. You will still be able to download the file if you're comfortable with the risk. Unless HTTPS-First Mode is enabled, Chrome will not show warnings when insecurely downloading files like images, audio, or video, as these file types are relatively safe.
These changes are expected to roll out to users starting next month around mid-September. You may learn more about the changes on the official blog post on Chromium's site.
4 Comments - Add comment