The now widespread adoption of HTTPS is partly due to Google, which over time has leveraged the popularity of Chrome to bring webmasters and online platform managers to use the protocol by progressively abandoning the less secure HTTP. Today the Mountain View group announces a new initiative pointing in the same direction.
Chrome: via unsafe content from HTTPS pages
Starting next year the browser will start to block the display of contents deemed unsafe within the HTTPS pages. The reference is not only to videos or other multimedia elements, but also to scripts, iframes and portions of code that could implement malicious behavior, endangering the user, his device and the information contained therein. Currently, this type of mixed content is not labeled as “Not Safe” by Chrome and therefore could be a tool in the hands of cyber criminals. Here is the reason for what is announced today by bigG.
In any case, it will not be an immediate measure: we will start with the 79 version at its debut in its stable edition in December and that will offer users the possibility of allowing the uploading of these contents in the sites that they consider safe. They can do so by clicking on the padlock icon shown in the address bar and then selecting “Site Settings”. By doing so, everyone will be able to create a sort of whitelist in view of the changes that will be introduced later.
With the 80 release of the software, which is expected to be released in January 2020 within the Dev channel, the “Not Safe” warning will be shown during navigation. With the 81th edition coming the following month, the browser will try to load the HTTP contents in HTTPS, blocking the display if the attempt does not go through.