Friday, July 23, 2021

Chrome will soon use HTTPS automatically when users type URL without prefix

Must Read

Plex Media servers are being actively abused for DDoS attacks

DDoS-for-hire services are actively abusing plex Media Server systems as a UDP reflection/amplification vector in Distributed Denial of Service...

GoDaddy has confirmed that workers became embroiled in broader cryptocurrency attacks.

GoDaddy workers were exploited to ease attacks on multiple cryptocurrency exchanges through social engineering and phishing. Staff in the domain...

Backdoor accounts found in More than 100,000 Zyxel firewalls, VPN gateways

Dutch cybersecurity researchers have discovered a backdoor account in 100,000 networking devices manufactured by Zyxel, which may grant hackers...

Google’s developers are some of the most enthusiastic promoters of browser security features over the past few years and, along with Firefox and Tor browsers, have often followed the many changes that have made browsers what they are today.

From pioneering features like Site Isolation and working secretly to the CA / B Forum to improve the business status of the TLS certificate, we should all be very grateful to the Chrome and Incoming Groups When users type a URL and forget to enter HTTP or HTTPS startup, Chrome will soon be using HTTPS by default.

But one of the biggest areas of interest for Chrome developers over the past few years has been the pressure to promote and use HTTPS, both within their browser and also among website owners.

As part of these efforts, Chrome is now trying to upgrade sites from HTTP to HTTPS where HTTPS is available.

Chrome also warns users when they are about to enter passwords or payment card data on unprotected HTTP pages, from where they can be sent directly to the network.

Chrome also blocks downloads from HTTP sources if the URL of the page is HTTPS — preventing users from being misled into thinking that their download is secure and isn’t.


But even though almost 82% of all Internet sites work on HTTPS, these efforts are far from over. The latest version of this first HTTPS update will come to Chrome 90, scheduled for release in mid-April, this year.

The change will affect Chrome Omnibox — a term used by Google to describe the Chrome address bar (URL).

In current versions, when users type a link to Omnibox, Chrome will upload a typed link, without a protocol. But if users forget to type the protocol, Chrome will add “HTTP: //” in front of the text and try to load the domain via HTTP.

For example, typing something like “” in the current loads of Chrome installation “”

This will change on Chrome 90, according to Chrome security engineer Emily Stark. Starting with v90, Omnibox will load all domains where the domain is left with HTTPS, with the “HTTPS: //” prefix instead.

“Right now, the system will serve as a small percentage of user experience in Chrome 89, and fully deployed in Chrome 90, if everything goes according to plan,” Stark explained on Twitter this week.

Users who would like to explore the new method can do just that in Chrome Canary. They can visit the following Chrome flag and enable the feature:

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.


Please enter your comment!
Please enter your name here

Latest News

OAIC: Uber found to have interfered with the privacy of over 1.2 million Australians

The Office of the Australian Information Commissioner (OAIC) has determined that Uber Technologies, Inc. and Uber B.V. have interfered...

Over 80 US Municipalities data are exposed due to Misconfigured Amazon S3

A team of Cybersecurity researchers at Wizcase found major data exposure of Over 80 US Municipalities due to the Misconfigured Amazon S3 Bucket. This happened...

Formbook malware Upgraded as an XLoader malware to Attack macOS Systems

Researchers have spotted an upgraded malware variant of Formbook malware which is now Upgraded as an XLoader malware to Attack macOS Systems. Cybersecurity researchers on...

Millions of HP, Samsung, Xerox Printers are Vulnerable to 16 year old bug

A 16-year-old security vulnerability affects Millions of HP, Samsung, Xerox Printers Driver allows attackers to gain admin rights on systems using the vulnerable driver...

MosaicLoader malware targets cracked software via SEO poisoning

New MosaicLoader malware targets users that are searching to download cracked software. Cybercriminals run ad campaigns in search engine results to boost their malicious...

More Articles Like This