Skip to main content

Google Chrome will start getting aggressive with non-secure HTTP sites in January

Google’s Emily Schechter of the Chrome Security Team said on Thursday that starting with Chrome 56, slated to arrive in January 2017, the browser will visually inform users when HTTP sites are not securing the transmission of their credit card information and/or passwords. Google will eventually list all HTTP sites as non-secure, so this is a step in that direction.

Right now, Chrome visually indicates a secured website with a green HTTPS label in the address bar. However, when users visit a non-secure HTTP website, the browser throws up a neutral indicator indicating that the user might be at risk from a non-secure connection. According to Schechter, someone on the network could modify the HTTP website before it reaches the user’s browser.

When Chrome 56 lands next year, the browser will add a “not secure” label to the left of the website’s address in addition to the neutral indicator when the site doesn’t secure the form fields of credit card numbers and passwords.

Eventually all HTTP pages will don the red non-secure triangle that the company currently uses for broken HTTPS websites. However, getting to that point will be gradual, and based on “increasingly stringent criteria.” One step in that direction will be labeling HTTP pages as non-secure when users are browsing the Internet in incognito mode.

If you’re not sure what HTTPS is all about, it’s short for HyperText Transfer Protocol Secure. That essentially means all data passed between the website and the user’s browser is encrypted so that hackers intercepting the transmission can’t access your credentials. The technology behind this encrypted transmission is called Secure Sockets Layer, or SSL, and essentially each side has a “key” to decrypt the data transmission, locking hackers out.

Unfortunately, HTTP sites don’t do this, allowing anyone to “eavesdrop” on the transmission between a webpage and its visitors. Even worse, hackers can modify these websites, after gaining login credentials, to install malware. And although Chrome warns users that they could be at risk in accessing an HTTP website, not all users perceive this warning as a lack of security. Even more, according to Schechter, users can become “blind” to warnings that occur too many times.

“A substantial portion of web traffic has transitioned to HTTPS so far, and HTTPS usage is consistently increasing,” Schechter said. “We recently hit a milestone with more than half of Chrome desktop page loads now served over HTTPS. In addition, since the time we released our HTTPS report in February, 12 more of the top 100 websites have changed their serving default from HTTP to HTTPS.”

Google’s plan for identifying non-secure websites reveals that HTTP sites accessed by Chrome will still work, and that the company has no plans to block these sites within the browser. However, this plan mainly addresses the concerns of websites that have yet to transition to HTTPS, and lists ways sites can grab free and cheap keys (certificates) for setting up a secure connection. A number of set-up guides can be found here as well.

Editors' Recommendations

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Google Chrome’s latest update solves the browser’s biggest problem
Google Chrome icon in mac dock.

Google Chrome is one of the best browsers around, but it's always had a big problem with memory usage. It's finally addressing the issue in a new Chrome 110 update that promises to reduce RAM usage by up to 30% and make the browser for efficient.

Chrome has a reputation for its speed, security, and feature drops, as well as a penchant for hanging on to your precious RAM like an episode of Hoarders. Granted, Google has made strides in improving Chrome's memory efficiency by hibernating tabs in the background, but it still struggles with it compared to Microsoft Edge or Mozilla Firefox.

Read more
Google may have just fixed Chrome’s most annoying problem
A Macbook with Google Chrome opened to a Gmail inbox.

While Google Chrome is one of the best web browsers, over the years it has gained a reputation for being something of a resource hog, gobbling up your PC’s memory like it’s going out of style. That can be a problem if you’re running other resource-heavy tasks and don’t want things to slow down. Now, Chrome has been updated with two new features that cut down on memory usage and extend your laptop’s battery life, according to Google. The changes are set to roll out today with the latest release of Chrome on desktop (version m108).The first new feature, dubbed Memory Saver, is designed to reduce the amount of memory Chrome’s tabs use. It does this by freeing up memory from inactive tabs, and putting them to sleep so they can’t monopolize your system’s resources. When you need to access the tabs again, they will be reloaded and become active. The goal of Energy Saver, meanwhile, is fairly self-explanatory -- helping your laptop battery last longer -- but it does so in a somewhat interesting way. When your battery drops to 20%, Chrome will try to prolong your battery life by “limiting background activity and visual effects for websites with animations and videos.”Presumably, this means Chrome will limit the kind of flashy effects that have made a comeback in web design in recent years. Google says that when these new features launch, users will still be able to customize them to their liking. You can disable either Memory Saver or Energy Saver (or both), and mark certain websites as exempt in Chrome’s settings. The changes could turn out to be important. While Chrome has managed to become the dominant Windows web browser and one of the best browsers for Mac, it has been plagued by poor memory management for years. If Memory Saver and Energy Saver are able to help ameliorate that -- and make your battery last longer too -- then Google might have gone some way to fixing Chrome’s biggest problem. Both Memory Saver and Energy Saver will be launched globally over the next few weeks. The features are coming to Chrome on Windows, macOS, and ChromeOS.

Read more
Half of Google Chrome extensions may be collecting your personal data
Google Chrome icon in mac dock.

Data risk management company Incogni has found that half of every installed Google Chrome extension has a high to very high risk of collecting personal data, showing a strong correlation to the number of permissions given.

After analyzing 1,237 Chrome extensions found in the Chrome Web Store, a study by Incogni has uncovered some troubling findings. Nearly half (48.7%) of the extensions were found to potentially expose users' personally identifiable information (PII), distribute malware and adware, and record passwords and financial information.

Read more