- Google has decided to ban unsafe downloads on Chrome entirely, and have a timeline for it.
- With each new version, Chrome will get stricter, until version 86 when all HTTP downloads will be blocked.
- The Chrome on mobile platforms will stay a release behind in regards to this implementation.
Up until now, Google Chrome has been warning users when they tried to download executables like “.exe” files, or archives like “.zips” from websites that didn’t have trustworthy certificates and which don’t follow the HTTPS protocol. Google has decided to take the next step in the upcoming versions of Chrome, going from displaying warnings to actually blocking the downloads. The following is the timeline that has been published in Google’s Security Blog, determining what is going to happen and when.
- Chrome 81 which is expected to be released in March 2020 will display a console warning for all file types.
- Chrome 82 expected to be released in April 2020 will warn on the downloads of executable files.
- Chrome 83 which is to be released in June 2020 will block the download of executables and will warn on archive downloads.
- Chrome 84 which is expected in August 2020 will block executables, archives and disk images, and will display a warning for “.pdf” and “.docx” files.
- Chrome 85 which is set for release in September 2020 will block all of the file types mentioned above and will warn on the downloading of images, audio, video, and text files.
- Chrome 86 which is planned for release in October 2020 will block all mixed content downloads without exceptions.
The rollout of Chrome for the Android and iOS mobile platforms will be delayed by one release, so the warnings will appear with version 83 there. This is to allow the developers of mobile websites the time to update their online platforms, and because iOS and Android have better intrinsic protection against the downloading of malicious files. All that said, by the end of 2020, the only downloads that will be allowed in Chrome must come through HTTPS websites, otherwise, they will be blocked.
If you want to know more about why it is important to pay attention to whether a website uses HTTP or HTTPS, read our detailed analysis that will help you tell the difference. Simply put, HTTPS adds a layer of encryption between you and the server. Moreover, it uses a digital certificate that’s signed by a trusted authority, so it is there to signify that you’re browsing a safe and verified place. Some browsers like the “Brave” for example, automatically check if a website you’re trying to visit has an HTTPS version, and redirect you there instead.