Nix to the mix: Chrome to block passive HTTP content swirled into HTTPS pages

Warns site owners: images, audio and video will be banned in a gradual process

Google Chrome will block passive mixed HTTP content since early 2020

Google has announced the upcoming changes to the Chrome web browser that will prevent image, audio and video content from loading if it is served over HTTP.

A typical web page includes content from multiple sources, and is not really encrypted unless all content is served through HTTPS. Chrome already blocks most HTTP content on HTTPS pages, including active content such as scripts and iframes, but allows media to load. Google admitted that this is insecure and noted:

Google also wrote here about the risks of even mixed passive content:

Even if the attacker does not alter the content of his site, he still has a big privacy problem where the attacker You can track users through mixed content requests. The attacker can determine what pages a user visits and what products he sees based on the images or other resources that the browser loads.

Google plans a gradual process. Chrome 79, which will be fully launched in December, will move the settings to unlock mixed content to Site Settings, instead of the current shield icon. Chrome 80, which will be launched early in January 2020 and will be launched completely about seven weeks later, will automatically update HTTP links for video and audio to HTTPS, and block them if they are not loaded. The images will still load but will cause an "Unsecured" label to appear in the address bar. Chrome 81, scheduled for early release in February 2020, will extend this to images.

This performance test shows only a small impact when moving to HTTPS

The fact that the content is encrypted does not guarantee that it is not malicious, but it makes it difficult for attackers to intercept requests and manipulate the content. [19659005] The disadvantage of HTTPS is that there is a performance penalty, but not a large one. The speed comparison test here shows only a small difference (less than 10 percent) between HTTP and HTTPS, but a big difference when you advance to HTTP / 2, which is more than 2.5 times faster in this test.

Google In any case, the message is simple: you will have to move everything to HTTPS to avoid Chrome warnings and search penalties. ®

Sponsored:
Beyond the data frontier

For More Updates Check out Blog, Windows Softwares Drivers, Antivirus, Ms Office, Graphic Design Don’t Forget to Look Our Facebook Page Get Into Pc like us & follow on Twitter- @getinpc