Chrome Will Soon Try HTTPS First When You Type An Incomplete URL
Google engineers have been some of the most ardent promoters of browser security features over the past few years and, together with the teams behind the Firefox and Tor browsers, have often been behind many of the changes that have shaped browsers into what they are today.
From pioneering features like Site Isolation and working behind the scenes at the CA/B Forum to improve the state of the TLS certificate business, we all owe a great deal of gratitude to the Chrome team.
But one of the biggest areas of interest for Chrome engineers over the past few years has been in pushing and promoting the use of HTTPS, both inside their browser, but also among website owners.
As part of these efforts, Chrome now tries to upgrade sites from HTTP to HTTPS when HTTPS is available.
Chrome also warns users when they're about to enter passwords or payment card data on unsecured HTTP pages, from where they might be sent across a network in plaintext.
And Chrome also blocks downloads from HTTP sources if the page URL is HTTPS —to avoid users getting tricked into thinking their download is secured but actually not.
Changes to the Chrome Omnibox arriving in v90
But even if around 82% of all internet sites run on HTTPS, these efforts are far from done. The latest of these HTTPS-first changes will arrive in Chrome 90, scheduled to be released in mid-April, this year.
The change will impact the Chrome Omnibox —the name Google uses to describe the Chrome address (URL) bar.
In current versions, when users type a link in the Omnibox, Chrome will load the typed link, regardless of protocol. But if users forget to type the protocol, Chrome will add "http://" in front of the text and attempt to load the domain via HTTP.
For example, typing something like "domain.com" in current Chrome installs loads "http://domain.com."
This will change in Chrome 90, according to Chrome security engineer Emily Stark. Starting with v90, the Omnibox will load all domains where the domain was left out via HTTPS, with an "https://" prefix instead.
"Currently, the plan is to run as an experiment for a small percentage of users in Chrome 89, and launch fully in Chrome 90, if all goes according to plan," Stark explained on Twitter this week.
Users who'd like to test the new mechanism can do so already in Chrome Canary. They can visit the following Chrome flag and enable the feature:
chrome://flags/#omnibox-default-typed-navigations-to-https
Reassessing AI Investments: What The Correction In US Megacap Tech Stocks Signals
The recent correction in US megacap tech stocks, including giants like Nvidia, Tesla, Meta, and Alphabet, has sent rippl... Read more
AI Hype Meets Reality: Assessing The Impact Of Stock Declines On Future Tech Investments
Recent declines in the stock prices of major tech companies such as Nvidia, Tesla, Meta, and Alphabet have highlighted a... Read more
Technology Sector Fuels U.S. Economic Growth In Q2
The technology sector played a pivotal role in accelerating America's economic growth in the second quarter of 2024.The ... Read more
Tech Start-Ups Advised To Guard Against Foreign Investment Risks
The US National Counterintelligence and Security Center (NCSC) has advised American tech start-ups to be wary of foreign... Read more
Global IT Outage Threatens To Cost Insurers Billions
Largest disruption since 2017’s NotPetya malware attack highlights vulnerabilities.A recent global IT outage has cause... Read more
Global IT Outage Disrupts Airlines, Financial Services, And Media Groups
On Friday morning, a major IT outage caused widespread disruption across various sectors, including airlines, financial ... Read more