For the past decade, Google was a huge HTTPS proponent and has successfully pushed it to the next level. But now Chrome is enhancing its security operations by blocking the mixed content.
According to Google, “Chrome users now spend over 90% of their browsing time on HTTPS on all major platforms.” However, the issue of securing all HTTPS configurations still persists, with some secure pages seeing sub-resources load over HTTP.
The mixed content includes images, audio, and video although many of the browsers now block scripts and iframes by default. The problem with adding mixed content is that it confuses the browser security UX as the pages are presented to it as neither secure nor insecure. This is because hackers can tamper with mixed images and can even inject a tracking cookie into a mixed resource load.
Google is fixing this by blocking all the mixed content but the transition will be slow so that both users and developers have time to adjust with the rollouts. Google intends to implement this starting with its Chrome 79 update that is currently in the development channel and once it enters the browser it will begin blocking all the mixed content by default. According to reports the process will start this December and will end with Chrome 81 by next year.
Google Launches a New Skills Initiative for the Singaporeans
Google Invests $4.5 bilion in Jio Platforms Ltd for a 7.73% Stake
Google rolled out a website to help users stay away from COVID-19 scam
Google partnering with Journalists Association of Korea
Huawei coming up with its own search engine to challenge Google
© 2020 CIO Bulletin. All rights reserved.