Google has announced that Google Chrome will soon block insecure downloads. Google will introduce this change gradually, at first warning users about executable downloads via HTTP in versions 81 and 82 of the desktop browser.

Insecurely-downloaded files are a risk to users’ security and privacy. For instance, insecurely downloaded programs can be swapped out for malware by attackers, and eavesdroppers can read users’ insecurely-downloaded bank statements.

In subsequent versions, the same warn and block process will apply for downloads such as .doc and PDFs, images, videos and music files until, by Chrome version 86 in October, all downloads via HTTP will be blocked.

• Chrome 81 (March 2020) – Chrome will print a console message warning about all mixed content downloads.
• Chrome 82 (April 2020) – Chrome will warn on mixed content downloads of executables.
• Chrome 83 (June 2020) – Chrome will block mixed content executables. Chrome will warn on mixed content archives (.zip) and disk images (.iso).
• Chrome 84 (August 2020) – Chrome will block mixed content executables, archives and disk images. Chrome will warn on all other mixed content downloads except image, audio, video and text formats.
• Chrome 85 (September 2020) – Chrome will warn on mixed content downloads of images, audio, video, and text. Chrome will block all other mixed content downloads.
• Chrome 86 and later (October 2020) – Chrome will block all mixed content downloads.

Chrome will delay the rollout for Android and iOS users by one release, starting warnings in Chrome 83. Mobile platforms have better native protection against malicious files.