Google has announced that they will be blocking mixed content downloads from secure pages (HTTPS).
Following their initial plans to block mixed content (or http:// subresources on https:// pages) on secure pages, Google will slowly start to roll out security updates to Chrome throughout 2020. Google has taken this step-by-step approach to provide developers the opportunity to update their sites. Desktop platforms (on Windows, macOS, Chrome OS, and Linux) will be the first to receive updates as follows:
By March, Google will release the Chrome 81 update, which prints a console message warning about all mixed content downloads. In Chrome 82 (which should be out in April), Chrome will start giving warnings on mixed content downloads. Executable files will be impacted first, with more file types to follow in the future. The June update Chrome 83 will begin blocking mixed content executables while warning archive files and disk images.
On August, Chrome 83’s update will start blocking executables, archives, and disk images, while warning other mixed content downloads except for images, audios, videos, and text formats. The Chrome 85 update scheduled for September will warn users of all mixed content downloads of images, audios, videos, and texts while blocking other types of files. Lastly, the October release of Chrome 86 will block all mixed content downloads.
As for Android and iOS, the rollout will be delayed by one release and will start warnings in Chrome 83. Since mobile platforms have better protection against malicious files, Google is giving developers a head-start to update their websites.
You can read Google’s full blog post here.
