Thursday, October 21, 2021

Chrome will soon use HTTPS automatically when users type URL without prefix

Must Read

China Released New Law Regarding vulnerability disclosure rules

The Cyberspace Administration of China (CAC) Released a New Law Regarding vulnerability disclosure rules that mandate security researchers to...

Vulnerabilities in Atlassian domains Could takeover Any Atlassian Account

Vulnerabilities that could allow XSS, CSRF and one-click account takeovers in Atlassian subdomains have been patched.Atlassian, a platform used...

Smart Doorbells Are Open to Various Security Flaws

A consumer rights group has discovered security vulnerabilities from 11 popular smart doorbell products on just two of the...

Google’s developers are some of the most enthusiastic promoters of browser security features over the past few years and, along with Firefox and Tor browsers, have often followed the many changes that have made browsers what they are today.

From pioneering features like Site Isolation and working secretly to the CA / B Forum to improve the business status of the TLS certificate, we should all be very grateful to the Chrome and Incoming Groups When users type a URL and forget to enter HTTP or HTTPS startup, Chrome will soon be using HTTPS by default.

But one of the biggest areas of interest for Chrome developers over the past few years has been the pressure to promote and use HTTPS, both within their browser and also among website owners.

As part of these efforts, Chrome is now trying to upgrade sites from HTTP to HTTPS where HTTPS is available.

Chrome also warns users when they are about to enter passwords or payment card data on unprotected HTTP pages, from where they can be sent directly to the network.

Chrome also blocks downloads from HTTP sources if the URL of the page is HTTPS — preventing users from being misled into thinking that their download is secure and isn’t.

UPCOMING CHANGES IN CHROME OMNIBOX COMING SOON IN V90

But even though almost 82% of all Internet sites work on HTTPS, these efforts are far from over. The latest version of this first HTTPS update will come to Chrome 90, scheduled for release in mid-April, this year.

The change will affect Chrome Omnibox — a term used by Google to describe the Chrome address bar (URL).

In current versions, when users type a link to Omnibox, Chrome will upload a typed link, without a protocol. But if users forget to type the protocol, Chrome will add “HTTP: //” in front of the text and try to load the domain via HTTP.

For example, typing something like “domain.com” in the current loads of Chrome installation “http://domain.com.”

This will change on Chrome 90, according to Chrome security engineer Emily Stark. Starting with v90, Omnibox will load all domains where the domain is left with HTTPS, with the “HTTPS: //” prefix instead.

“Right now, the system will serve as a small percentage of user experience in Chrome 89, and fully deployed in Chrome 90, if everything goes according to plan,” Stark explained on Twitter this week.

Users who would like to explore the new method can do just that in Chrome Canary. They can visit the following Chrome flag and enable the feature:

a2434345d63481a40f0d145881b41013?s=96&d=mm&r=g
Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

Leave a reply

Please enter your comment!
Please enter your name here

Latest News

Unified endpoint management automation software to boost endpoint security

Endpoints are constantly connected to the internet, so they offer a gateway for cyberattacks. Endpoint security is simply the process...

Attackers Using Morse Code in phishing campaign to Evade Detection

Microsoft on Thursday revealed the techniques used by attackers to avoid detection using morse code in the phishing campaign.Microsoft also revealed the workings of...

Murata Manufacturing suffers data breach of employees and customer

Japanese electronic components manufacturer Murata has released an apology Notice for the data breach of thousands of files in June that contained bank account...

Everything about Signalling System 7(SS7)

Signaling System 7 (SS7) is an international telecommunication protocol standard that controls and regulates the network elements in a public switched telephone network (PSTN)....

Zimbra flaw lets attackers access the mail servers

Researchers discovered a flaw in the open-source Zimbra code. As a result, an attacker would gain unrestricted access to all sent and received emails...

More Articles Like This