October 30, 2023 at 02:34PM
Google has introduced a new feature called HTTPS-Upgrades to enhance Chrome internet security. It automatically upgrades insecure HTTP requests to secure HTTPS requests for all users. This protects users’ privacy and security by encrypting connections and preventing potential data theft. The update impacts various aspects of browsing and aims to reduce developers’ reliance on HTTP references. This proactive measure is geared towards protecting users on sites that are unlikely to update to HTTPS.
The meeting notes discussed Google’s new feature called HTTPS-Upgrades, which automatically upgrades insecure HTTP requests to secure HTTPS requests. This feature was initially rolled out in July to a limited number of users but has now been made available to all users on the Stable channel as of October 16th.
HTTPS-Upgrades ensures that old links using the http:// protocol are automatically connected to using the encrypted https:// protocol. This feature is important because HTTP connections are not encrypted and can be vulnerable to data theft and snooping.
The upgrade affects main-frame navigations and in-page HTTP links, with a fallback mechanism to HTTP if necessary. It also respects an opt-out header that web servers can use to prevent auto-upgrades.
This upgrade does not prevent downgrades, but it does provide enhanced security and protection against passive attackers. However, active attackers may still be able to hinder the upgrade process.
By implementing HTTPS-Upgrades, Google aims to improve internet security and protect users, particularly on sites that are unlikely to upgrade to HTTPS. This is an important step in the ongoing effort to mark HTTP pages as “Not secure” and encourage the adoption of HTTPS across the web.