Google has published a plan to add new mechanisms in Chrome to protect against unsafe file downloads. In Chrome 86, which is scheduled to be released on October 26th, all types of files will be uploaded via links from pages opened via HTTPS, only when files are uploaded using the HTTPS protocol. It is noted that unencrypted file downloads can be used to commit malicious activity by spoofing content during MITM attacks (e.g. an attacking home router malware can spoof downloaded applications or intercept sensitive documents).
The blocking will be implemented gradually starting with the release of Chrome 82, which will issue a warning when attempting to download executable files via links from HTTPS pages. In Chrome 83, a lock will be enabled for executable files and a warning will be issued for archives. In Chrome 84, you will be able to block archives and generate a warning message for documents. In Chrome 85, documents will be locked and a warning message will be displayed if you cannot safely upload images, video, sound and text that will start to be locked in Chrome 86.
In the more distant future, it is planned to completely stop supporting file downloads without encryption. In the Android and iOS releases, the blocking will be implemented with one release lag (instead of Shrome 82 - in 83, etc.). In Chrome 81, the "chrome://flags/#treat-unsafe-downloads-as-active-content" option will appear in the settings, which will allow you to enable the output of warnings without waiting for the release of Chrome 82.
Comments (1)