Chrome, Google wants to block potentially dangerous downloads

In the future, Google Chrome will block high-risk downloads from unprotected websites. In future builds the browser will integrate a function that will prevent users from downloading executable files or archives provided over an HTTP connection initiated by HTTPS sites. The browser will mark these files as mixed content, originally blocking the attempt to download them.

As stated by Emily Stark, Chrome's security engineer, on the public mailing list of the World Wide Web Consortium (W3C), the intent Google is pursuing is to establish the right balance between user vulnerabilities and security improvements , starting with the treatment of specific high-risk downloads initiated by seemingly safe sites.

Among the files marked there are the executables (Windows EXE, DMG for Mac and CRX for Chrome extensions) and most of the archive formats (ZIP, GZIP, BZIP, TAR, RAR and 7Z).

Emily Stark also pointed out that the intent of the Chrome team is to make web browsing safer for users, and asked if other browsers were interested in participating in the project, which is still under development.

To this last question, Mozilla's response (also extremely focused on user security and privacy) was not long in coming, which immediately showed an interest in the integration of this function in Firefox. Daniel Veditz, head of security, said: "We would be happy to move in this direction. Any statistics that will be shared will be of great help. The risky downloads from secure corporate sites, which could do better, are distressingly common ”.

Finally, Google has also announced a new feature to automatically block downloads initiated by advertising frames, without any user activation.