Google engineers have been among the biggest promoters of browser security for several years. Together with the teams in charge of Firefox and Tor, they were often the instigators of changes that shaped what our browsers have become today.
Whether it’s implementing pioneering features like site isolation, or working behind the scenes of the CA / B Forum to improve the state of the TLS certification business, we all owe a lot to ‘Chrome team.
But one of the biggest workhorses of the Chrome team remains the promotion of the use of HTTPS, both within Google’s browser, but also among website owners. It is in this context that Chrome will try to update the sites, from HTTP to HTTPS, when HTTPS is available.
Secure Google Chrome
Chrome will also alert users when they are about to enter passwords or payment data on insecure HTTP pages, where they could be sent over a network in clear text.
The browser will also block downloads from HTTP sources, if the page URL is HTTPS, to prevent users from thinking their download is secure when it is not.
Today, around 82% of websites operate over HTTPS. Still, the fight is far from over for the Chrome team. The next change regarding the HTTPS protocol will therefore arrive in Chrome 90, which should be released in April this year.
Change in omnibox
This change will have an impact on the omnibox (name given by Google to the address bar (URL) in the Chrome browser). Currently, if a user types = a link in the omnibox, Chrome loads the typed link, regardless of the protocol. But if the user forgets to type the protocol, Chrome adds “http: //” in front of the text and tries to load the domain via HTTP. For example, if you type “domain.com”, Chrome loads “http://domain.com”.
From Chrome 90 it will be different. Chrome security engineer Emily Stark explains that from then on, the browser will automatically load sites whose protocol is not specified with an “https: //” prefix. “For now, we plan to experiment with a small percentage of users in Chrome 89, for a full launch on Chrome 90, if all goes as planned,” said Emily Stark on Twitter this week.
If you want to try this new feature, it is possible to do so now in Chrome Canary. Just go to chrome: // flags / # omnibox-default-typed-navigations-to-https and activate the “Omnibox – Use HTTPS as the default protocol for navigations” feature.