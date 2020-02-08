Google has decided that just hoping that you won’t download unknown files over unsecured connections is not enough. Therefore, Google will try to prevent you from doing this in Chrome as a whole.

Starting with Chrome 82, the popular web browser gives a gentle warning that downloading executable files – i.e. H. .Exe, .apk – over HTTP is a bad idea, and an on-screen prompt prompts you to reconsider.

Later, when Chrome 83 is released in June 2020, Chrome simply prevents executables from being downloaded over non-HTTPS connections. In future versions, the gentle warnings will have disappeared and it should not be possible to download anything – MP3s, PNGs, ZIP archives as you call them – unless this is done via HTTPS.

Related: Best VPNs

Joe DeBlasio, a software engineer working for the Chrome security team, shared the details in a lengthy post along with a schedule in case the file over HTTP cascade drops (see above).

“As a first step, we focus on unsafe downloads that started on secure sites. These cases are particularly worrying as Chrome is currently not giving users any indication that their privacy and security are at risk.

“Starting with Chrome 82 (released in April 2020), Chrome is gradually warning about these mixed content downloads and blocking them later. File types that pose the greatest risk to users (e.g. executables) are affected first, and subsequent versions cover other file types.

“This step-by-step introduction is designed to quickly mitigate the worst risks, give developers the ability to update websites, and minimize the number of warnings Chrome users need to see.”

Related: A new version of Opera has just landed

Desktop platforms – d. H. Windows, MacOS, Linux and of course Google’s own Chrome operating system – benefit from this safety-first approach before iOS and Android, the updates of which are delayed by one release cycle.

DeBlasio encourages developers to fully migrate to HTTPS “to avoid future restrictions” and indicates stricter restrictions on downloading content in the future.

This suggests that, even after October, persistent users will likely find a way to download LinKin_p4rK_numbMP3.exe over HTTP by adjusting security settings. In the future, Google may remove this selection completely from the user. In the meantime, if you accidentally damage the family PC, don’t say you weren’t warned.

Freelance writer

Thomas Newton has been reporting on British consumer technology and telecommunications for over ten years and is currently working for Trusted Reviews as a freelance writer mainly focused on weekend news and …

Unlike other websites, we thoroughly review all of the information we recommend and use industry-standard tests to evaluate the products. We will always tell you what we find. We can receive a commission if you buy through our price links.

Let us know what you think – send an email to the publisher