18 December 2019
Google Chrome, one of the top browsers today gains many new features via its regular updates. But the primal duty of the company towards its Chrome browser is to make its super influential place a safer place to browse for the users. That’s how Google has made some serious efforts for the browser and following the continuity, Chrome will get some advanced powers to fight against the insecure content present in HTTPS pages.
The widely used protocol HTTPS on the internet was introduced for secure communication and to protect users against eavesdropping, where attackers could secretly relay and possibly alter the data flowing between two parties. In February 2018, Google announced that its Chrome browser would mark HTTP sites as “Not Secure” and encourage website owners to implement HTTPS as well. The same year, Google started marking the HTTP websites as "Not Secure" in an attempt to assist web developers to shift to a much secure HTTPS protocol.
But unfortunately, the websites with HTTPS badge started including the insecure content. It’s unknown whether they are intentional actions or not but whatever the case is, they are still not safe for the users. This insecure content also called the mixed content load subresources insecurely via plain HTTP. These subresources include images, videos, and even scripts, iframes or embedded web pages.
So, even being the secure web page, they can still put the users’ safety at risk via those pieces of content that may be loaded externally or through other channels.
So, starting with Chrome version 80 which is coming in January 2020, Google will even mark the HTTPS pages with mixed content as Not Secure, thus making users more aware of the possible scenarios that could take their safety at risk.
Chrome will also attempt to auto-upgrade those mixed content to HTTPS but if it fails, it will just block them and this action will happen in February 2020 by Chrome 81.
So, Google is giving the developers a heads up so that they could do necessary changes for an interrupted web browsing experience for their users.
In a series of steps starting in Chrome 79, Chrome will gradually move to blocking all mixed content by default. To minimize breakage, we will autoupgrade mixed resources to https://, so sites will continue to work if their subresources are already available over https://.
This means Chrome 79 coming this December will allow users to enable a setting to opt-out of mixed content blocking on particular websites. Google will introduce a new setting to unblock content on specific sites.