Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Google Adds HTTPS-First Mode to Chrome

Google is about to give Chrome users a small security boost with new functionality that will attempt to automatically upgrade web pages to HTTPS.

Dubbed HTTPS-First mode, the feature resembles the HTTPS-only mode in Firefox.

Google is about to give Chrome users a small security boost with new functionality that will attempt to automatically upgrade web pages to HTTPS.

Dubbed HTTPS-First mode, the feature resembles the HTTPS-only mode in Firefox.

With HTTPS, eavesdroppers can’t access the data transmitted between the web browser and the server on which a website is hosted, as sensitive information and credentials are encrypted.

For years, Google and other Internet companies out there have been actively advocating for the wide adoption of HTTPS across the web, both there still are websites that don’t use encryption yet, thus posing a threat to their users. At the moment, approximately 90% page loads in Chrome are over HTTPS.

With HTTPS-First Mode enabled, Chrome 94 will attempt to upgrade all page loads to HTTPS and will warn users when landing on a page that doesn’t support encryption, allowing them to connect to the HTTP page if they choose to.

“Based on ecosystem feedback, we’ll explore making HTTPS-First mode the default for all users in the future. Mozilla has also shared their intent to make HTTPS-only mode the future of web browsing in Firefox,” Google says.

The HTTPS-First mode will also bring changes to the lock icon that Chrome typically displays when a site loads over HTTPS. As an experiment, Chrome 93 will replace the lock icon with “a more neutral entry point to Page Info,” but a “Not Secure” indicator will continue to be displayed on websites that lack HTTPS support.

Even with the HTTPS-first mode, Chrome will continue to support HTTP connections, but will impose restrictions when it comes to loading specific resources, to ensure that users are protected.

Advertisement. Scroll to continue reading.

“Continuing from our past efforts to restrict new features to secure origins and deprecate powerful features on insecure origins, we’ll evaluate a broad set of web platform features to determine if they should be limited or restricted on HTTP webpages,” Google says.

Related: Google Confirms Sixth Zero-Day Chrome Attack in 2021

Related: Chrome for Windows Gets Hardware-enforced Exploitation Protection

Related: Attackers Leverage Locally-Loaded Chrome Extension for Data Exfiltration

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Endpoint Security

Gigabyte has announced BIOS updates that remove a recently identified backdoor feature in hundreds of its motherboards.

Endpoint Security

Several major companies have published advisories in response to the Downfall vulnerability affecting Intel CPUs.

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Endpoint Security

The Zero Day Dilemma

CISO Strategy

Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies.

Endpoint Security

When establishing visibility and security controls across endpoints, security professionals need to understand that each endpoint bears some or all responsibility for its own...