Google shared details on its plan to make Chrome downloads more secure across desktop, Android and iOS.
According to a blog post from the Chrome security team, the browser will gradually increase security measures surrounding downloads over the next few releases. To start, Chrome 82 — due out in April — will warn users if they try to download ‘mixed content executables’ from a secure website. In other words, if you try to download an insecure program or app from a secure website, Chrome will issue a warning.
The reason for the change, as explained in the blog, is that insecure downloads pose a risk to users’ security. One example cited by Google is that attackers can swap out insecure downloads for malware. Alternatively, eavesdroppers can read insecurely downloaded files, such as bank statements or wireless bills.
Further, Chrome 83 will block insecure executable downloads and the popular internet browser will begin issuing warnings about insecure archive files. Archive files include ‘.zip’ and ‘.iso’ file extensions.
With Chrome 84, the browser will also block archive files and will warn users about all other insecure filetypes, such as PDFs, Word documents getting a warning. Chrome 85 will begin blocking insecure filetypes and warning users about everything else, including images, audio and video files.
Finally, Chrome 86 — expected in October — will block all insecure downloads. The chart below illustrates the progression.
Additionally, the Android and iOS versions of Chrome will block insecure downloads as well, but the progression will be delayed by one release. So, Chrome on mobile devices will begin warning users about insecure executables in version 83 and will block all insecure downloads by version 87. This is because mobile platforms have “better native protection against malicious files.”
Google isn’t the only company adding more security features to its browser. Microsoft is testing a new feature for the revamped Edge browser that would block potentially unwanted downloads. While similar in nature, Chrome’s blocker focuses on insecure downloads while Edge tries to block crapware like toolbars bundled with apps.