Google’s engineers are revered in the browser industry. They have been some of the most ardent proponents of browser security features. Over the past few years, they have been working with teams behind browsers like Tor and Firefox, to bring about many of the changes we see in browsers today.
We owe the Chrome team a debt of gratitude since they were the first to pioneer features like Site Isolation and were behind the CA/B Forum’s efforts to improve the TLS certificate business.
Next level for Chrome
The Chrome team is taking its efforts to the next level with a feature that will upgrade sites from HTTP to HTTPS when HTTPS is available. Chrome also warns users when they are about to enter sensitive personal information on unsecured HTTPS pages.
Chrome blocks downloads from HTTP sources, if the page exists as HTTPS, to prevent users from being tricked into thinking that their downloads are secure when they actually are exposed.
The efforts of the team are not done, even if 82% of the internet websites run on HTTPS. The latest HTTPS changes will arrive in Chrome 90, scheduled for release sometime in April, this year.
The change will affect the Chrome Omnibox (what Google calls the address (URL) bar). In the current versions, when users type a link in the Omnibox, Chrome will load the typed link, no matter the protocol.
If the users forgot to type the protocol, Chrome adds HTTP:// in front of the link and tries to load the domain using HTTP.
In Chrome 90, this will no longer be the case, according to engineer Emily Stark. All domains where the user forgot to add the proper protocol, will start with HTTPS.