Nix to the mix: Chrome to block passive HTTP content swirled into HTTPS pages

Google has announced forthcoming changes to the Chrome web browser that will prevent image, audio and video content from loading if they are served over HTTP.

A typical web page includes content from multiple sources, and it is not really encrypted unless all the content is served over HTTPS. Chrome already blocks most HTTP content on HTTPS pages, including active content such as scripts and iframes, but allows media to load. Google admitted this is insecure, noting:

Google also wrote here about the risks of even passive mixed content:

Even if the attacker doesn't alter the content of your site, you still have a large privacy issue where an attacker can track users using mixed content requests. The attacker can tell which pages a user visits and which products they view based on images or other resources that the browser loads.

Google plans a gradual process. Chrome 79, which will be fully released in December, will move the setting to unblock mixed content to Site Settings, in place of the current shield icon. Chrome 80, set for early release in January 2020 and full release around seven weeks later, will auto-upgrade HTTP links for video and audio to HTTPS - and block them if they do not load. Images will still load but will cause a "Not secure" tag to appear in the address bar. Chrome 81, set for early release in February 2020, will extend this to images.

The fact that content is encrypted is no guarantee that it is not malicious, but does make it harder for attackers to intercept requests and tamper with the content.

The downside of HTTPS is that there is a performance penalty - but not a big one. The speed comparison test here shows only a small difference (less than 10 per cent) between HTTP and HTTPS, but a big difference when you step up to HTTP/2, which is more than 2.5 times faster in this test.

Google's message is in any case straightforward: you will have to move everything to HTTPS in order to avoid warnings in Chrome and search penalties. ®

Search
About Us
Website DownloadCrackz provides softwares, patches, cracks and keygens. If you have software or keygens to share, feel free to submit it to us here. Also you may contact us if you have software that needs to be removed from our website. Thanks for use our service!
IT News
Jan 18
Jan 17
Time to burst out graphing: Get the Windows Insider experience... by taping a calculator to your monitor

Microsoft releases a Windows 10 Fast Ring refresh and previews new calc toys

Jan 17
Jan 17
WebAssembly: Key to a high-performance web, or ideal for malware? Reg speaks to co-designer Andreas Rossberg

State of Wasm: 'Better support for high-level languages', plus interesting cross-platform news

Jan 17
Jan 16
The Curse of macOS Catalina strikes again as AccountEdge stays 32-bit

Apple: 'The apps you use every day.' Except that one. And that one. And those are right out

Jan 16