Google’s developers are some of the most enthusiastic promoters of browser security features over the past few years and, along with Firefox and Tor browsers, have often followed the many changes that have made browsers what they are today.
From pioneering features like Site Isolation and working secretly to the CA / B Forum to improve the business status of the TLS certificate, we should all be very grateful to the Chrome and Incoming Groups When users type a URL and forget to enter HTTP or HTTPS startup, Chrome will soon be using HTTPS by default.
But one of the biggest areas of interest for Chrome developers over the past few years has been the pressure to promote and use HTTPS, both within their browser and also among website owners.
As part of these efforts, Chrome is now trying to upgrade sites from HTTP to HTTPS where HTTPS is available.
Chrome also warns users when they are about to enter passwords or payment card data on unprotected HTTP pages, from where they can be sent directly to the network.
Chrome also blocks downloads from HTTP sources if the URL of the page is HTTPS — preventing users from being misled into thinking that their download is secure and isn’t.
UPCOMING CHANGES IN CHROME OMNIBOX COMING SOON IN V90
But even though almost 82% of all Internet sites work on HTTPS, these efforts are far from over. The latest version of this first HTTPS update will come to Chrome 90, scheduled for release in mid-April, this year.
The change will affect Chrome Omnibox — a term used by Google to describe the Chrome address bar (URL).
In current versions, when users type a link to Omnibox, Chrome will upload a typed link, without a protocol. But if users forget to type the protocol, Chrome will add “HTTP: //” in front of the text and try to load the domain via HTTP.
For example, typing something like “domain.com” in the current loads of Chrome installation “http://domain.com.”
This will change on Chrome 90, according to Chrome security engineer Emily Stark. Starting with v90, Omnibox will load all domains where the domain is left with HTTPS, with the “HTTPS: //” prefix instead.
“Right now, the system will serve as a small percentage of user experience in Chrome 89, and fully deployed in Chrome 90, if everything goes according to plan,” Stark explained on Twitter this week.
Users who would like to explore the new method can do just that in Chrome Canary. They can visit the following Chrome flag and enable the feature: