wordpress blog stats
Connect with us

Hi, what are you looking for?

Google Chrome to gradually block all ‘mixed content downloads’

Google Chrome will “gradually” block non-HTTPS downloads started on secure pages (mixed content downloads) starting from June 2020, and will eventually block all mixed content downloads by October 2020, it announced in a blog post on February 6. Starting April 2020, Chrome will start warning users whenever they download non secure files such as executables (.exe) on secure pages, which is significant, because in Google’s own admission, it currently gives no indication to the user that their privacy and security are at risk. In October 2019, Google had said that it was planning to block mixed content downloads.

“Insecurely-downloaded files are a risk to users’ security and privacy. For instance, insecurely-downloaded programs can be swapped out for malware by attackers, and eavesdroppers can read users’ insecurely-downloaded bank statements. To address these risks, we plan to eventually remove support for insecure downloads in Chrome,” it said in the blog post.

What exactly are mixed content downloads? Mixed content occurs when initial HTML is loaded over a secure HTTPS connection, but other resources (such as images, videos, stylesheets, scripts) are loaded over an insecure HTTP connection. This is called mixed content because both HTTP and HTTPS content are being loaded to display the same page, and the initial request was secure over HTTPS, explained Google.

How Chrome plans to eventually block mixed content downloads: 

As per the blog post, file types that pose the “most risk” to users will be dealt with first, with subsequent releases covering more file types. The measures will be rolled out in the following order:

Advertisement. Scroll to continue reading.
  • Chrome 81 (released March 2020) and later: Will print a console message warning about all mixed content downloads.
  • Chrome 82 (released April 2020): Will warn on mixed content downloads of executables (e.g. .exe).
  • Chrome 83 (released June 2020): Will block mixed content executables and will warn on mixed content archives (.zip) and disk images (.iso).
  • Chrome 84 (released August 2020): Will block mixed content executables, archives and disk images and will warn on all other mixed content downloads except image, audio, video and text formats.
  • Chrome 85 (released September 2020): Will warn on mixed content downloads of images, audio, video, and text and will block all other mixed content downloads.
  • Chrome 86 (released October 2020) and beyond: Will block all mixed content downloads.

Courtesy: Google

Google justified the phased rollout of the feature as being “designed to mitigate the worst risks quickly, provide developers an opportunity to update sites, and minimize how many warnings Chrome users have to see”. Also, Chrome will delay the rollout for Android and iOS users by one release, and Chrome users on Android and iOS will receive the 83 version first, since “mobile platforms have better native protection against malicious files, and this delay will give developers a head-start towards updating their sites before impacting mobile users,” according to Google.

You May Also Like


MediaNama’s report on Network Security Preparedness in India was supported by ISOC APAC.  As the Internet grows, its foundational design flaw of not having...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ