
Google engineers have been some of the most fervent promoters of browser security features in recent years and, along with the teams behind the Firefox and Tor browsers, are often behind many of the changes that have shaped browsers into what they are today.
From pioneering features such as site isolation and behind-the-scenes work at the CA/B Forum to improving the state of the TLS certificate business, we all owe a huge debt of gratitude to the Chrome team.
But one of the biggest areas of interest for Chrome engineers in recent years has been pushing and promoting the use of HTTPS, both within their browser and among website owners.
As part of these efforts, Chrome now tries to upgrade sites from HTTP to HTTPS when HTTPS is available.
Chrome also warns users when they are about to enter passwords or payment card data on unsecured HTTP pages, from where the data could be sent over a network in plain text.
And Chrome also blocks downloads from HTTP sources if the URL of the page is HTTPS, to prevent users from being tricked into thinking that their download is secure when it is not.
Chrome Omnibox changes coming in v90
But even though about 82% of all Internet sites run on HTTPS, these efforts are far from over. The latest of these HTTPS changes will arrive in Chrome 90, scheduled to launch in mid-April this year.
The change will affect Chrome's Omnibox, the name Google uses to describe Chrome's address (URL) bar.
In current versions, when users type a link into the Omnibox, Chrome loads the typed link, regardless of the protocol. But if users forget to type the protocol, Chrome will add "http://" in front of the text and try to load the domain via HTTP.
For example, typing something like “domain.com” in current Chrome installations loads “http://domain.com”.
That will change in Chrome 90, according to Chrome security engineer Emily Stark. As of v90, the Omnibox will load all domains where the protocol has been omitted via HTTPS, with an "https://" prefix.
“Currently, the plan is to act as an experiment for a small percentage of users on Chrome 89 and launch fully on Chrome 90, if everything goes according to plan,” Stark explained on Twitter this week.
Users who want to test the new mechanism can already do so in Chrome Canary. They can visit the following Chrome flag and enable the feature:
chrome://flags/#omnibox-default-typed-navigations-to-https