October 5, 2019 04:35 pm

Chrome Promises 'No More Mixed Messages About HTTPS'

"Today we're announcing that Chrome will gradually start ensuring that https:// pages can only load secure https:// subresources," promises an announcement on the Chromium blog. It notes that Chrome users already make HTTPS connections for more than 90% of their browsing time, and "we're now turning our attention to making sure that HTTPS configurations across the web are secure and up-to-date."

In a series of steps outlined below, we'll start blocking mixed content (insecure http:// subresources on https:// pages) by default. This change will improve user privacy and security on the web, and present a clearer browser security UX to users...

HTTPS pages commonly suffer from a problem called mixed content, where subresources on the page are loaded insecurely over http://. Browsers block many types of mixed content by default, like scripts and iframes, but images, audio, and video are still allowed to load, which threatens users' privacy and security. For example, an attacker could tamper with a mixed image of a stock chart to mislead investors, or inject a tracking cookie into a mixed resource load. Loading mixed content also leads to a confusing browser security UX, where the page is presented as neither secure nor insecure but somewhere in between.

In a series of steps starting in Chrome 79, Chrome will gradually move to blocking all mixed content by default. To minimize breakage, we will autoupgrade mixed resources to https://, so sites will continue to work if their subresources are already available over https://. Users will be able to enable a setting to opt out of mixed content blocking on particular websites...

Starting in December of 2019, Chrome 79 will include a new setting to unblock mixed content on specific sites. "This setting will apply to mixed scripts, iframes, and other types of content that Chrome currently blocks by default..."
Then in Chrome 80, mixed audio and video resources will be autoupgraded to https://, and if they fail to load Chrome will block them by default.
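
For site owners preparing for this change, the following added example (not part of the announcement or of Chrome's code) audits an HTML page for the mixed subresources described above and shows the https:// URL each would be upgraded to. The function and variable names are hypothetical, the sample page is constructed, and only the `src` attribute of the tag types the article names is checked.

```python
from html.parser import HTMLParser

# Categories follow the article: scripts and iframes are already blocked;
# images, audio and video still load until the Chrome 79+ rollout.
ALREADY_BLOCKED = {"script", "iframe"}
STILL_ALLOWED = {"img", "audio", "video"}


class _Finder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALREADY_BLOCKED | STILL_ALLOWED:
            return  # <a href> and other non-subresource tags are not mixed content
        src = (dict(attrs).get("src") or "").strip()
        if src[:7].lower() != "http://":
            return  # https://, relative and protocol-relative URLs are fine
        self.findings.append({
            "tag": tag,
            "url": src,
            "status": "already-blocked" if tag in ALREADY_BLOCKED else "still-allowed",
            # Same URL over https://: the form the autoupgrade would request.
            "https_url": "https://" + src[7:],
        })


def find_mixed_content(page_url, html):
    """Return insecure subresources of an https:// page (empty for http:// pages)."""
    if not page_url.lower().startswith("https://"):
        return []  # mixed content is defined only for https:// pages
    finder = _Finder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page, not taken from any real site.
SAMPLE = """
<script src="http://cdn.example/app.js"></script>
<img src="HTTP://img.example/chart.png">
<video src="http://media.example/clip.mp4"></video>
<img src="//img.example/logo.png"> <img src="/static/local.png">
<a href="http://other.example/">link</a>
<iframe src="https://frames.example/ok"></iframe>
"""

if __name__ == "__main__":
    for f in find_mixed_content("https://shop.example/", SAMPLE):
        print(f"{f['status']:16} <{f['tag']}> {f['url']} -> {f['https_url']}")
```

Each reported `https_url` is the address to confirm is actually served over HTTPS; resources that are not will stop loading once blocking takes effect.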



Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/-VIdZFVQ73E/chrome-promises-no-more-mixed-messages-about-https-
