In a decision to enhance user security and privacy, Google is making its browser security settings easy. In an interview, the Chrome security group claimed that https:// pages will only be capable of loading safe (https://) subresources. The alteration will not take place instantly, but in a sequence of gradual steps.
As per Google, Chrome consumers now invest more than 90% of their browsing time on HTTPS on all major services. But it is common for those safe pages to load unsafe HTTP subresources. A number of those subresources are by default banned, but some sneak in as audio, images, and video, or “mixed material.” That mixed content can place consumers at risk.
Starting with Chrome 79, Chrome will operate towards banning by default all mixed content. To smooth the procedure, it will launch the alteration incrementally. Chrome 79 will add a new setting in December to unban mixed content on particular websites. In January next year, Chrome 80 will upgrade automatically all mixed video and audio resources to HTTPS, and it will block them automatically if they fail to load with HTTPS. Lastly, in February next year, Chrome 81 will upgrade automatically all mixed pictures to HTTPS, and as with video and audio, ban those that do not load over HTTPS.
Once the alterations are concluded, consumers will not have to speculate whether the subresources they are seeing are HTTPS or HTTP. And the slow launch out must offer developers time to shift to HTTPS with their mixed content.
On a related note, it is difficult for anybody to stay on top of the seemingly endless string of data hacks. To assist consumers with this hurdle, Google made a tool for its Chrome browser which checks automatically whether passwords have been negotiated. Google launched the extension of Password Checkup for Chrome in February this year.