Google Chrome will "gradually" block non-HTTPS downloads started on secure pages (mixed content downloads) starting from June 2020, and will eventually block all mixed content downloads by October 2020, it announced in a blog post on February 6. Starting April 2020, Chrome will start warning users whenever they download non secure files such as executables (.exe) on secure pages, which is significant, because in Google's own admission, it currently gives no indication to the user that their privacy and security are at risk. In October 2019, Google had said that it was planning to block mixed content downloads. "Insecurely-downloaded files are a risk to users' security and privacy. For instance, insecurely-downloaded programs can be swapped out for malware by attackers, and eavesdroppers can read users' insecurely-downloaded bank statements. To address these risks, we plan to eventually remove support for insecure downloads in Chrome," it said in the blog post. What exactly are mixed content downloads? Mixed content occurs when initial HTML is loaded over a secure HTTPS connection, but other resources (such as images, videos, stylesheets, scripts) are loaded over an insecure HTTP connection. This is called mixed content because both HTTP and HTTPS content are being loaded to display the same page, and the initial request was secure over HTTPS, explained Google. How Chrome plans to eventually block mixed content downloads: As per the blog post, file types that pose the "most risk" to users will be dealt with first, with subsequent releases covering more file types. The measures will be rolled out…
