Chrome Will Soon Try HTTPS First When You Type An Incomplete URL
Google engineers have been some of the most ardent promoters of browser security features over the past few years and, together with the teams behind the Firefox and Tor browsers, have often been behind many of the changes that have shaped browsers into what they are today.
From pioneering features like Site Isolation and working behind the scenes at the CA/B Forum to improve the state of the TLS certificate business, we all owe a great deal of gratitude to the Chrome team.
But one of the biggest areas of interest for Chrome engineers over the past few years has been in pushing and promoting the use of HTTPS, both inside their browser, but also among website owners.
As part of these efforts, Chrome now tries to upgrade sites from HTTP to HTTPS when HTTPS is available.
Chrome also warns users when they're about to enter passwords or payment card data on unsecured HTTP pages, from where they might be sent across a network in plaintext.
And Chrome also blocks downloads from HTTP sources if the page URL is HTTPS —to avoid users getting tricked into thinking their download is secured but actually not.
Changes to the Chrome Omnibox arriving in v90
But even if around 82% of all internet sites run on HTTPS, these efforts are far from done. The latest of these HTTPS-first changes will arrive in Chrome 90, scheduled to be released in mid-April, this year.
The change will impact the Chrome Omnibox —the name Google uses to describe the Chrome address (URL) bar.
In current versions, when users type a link in the Omnibox, Chrome will load the typed link, regardless of protocol. But if users forget to type the protocol, Chrome will add "http://" in front of the text and attempt to load the domain via HTTP.
For example, typing something like "domain.com" in current Chrome installs loads "http://domain.com."
This will change in Chrome 90, according to Chrome security engineer Emily Stark. Starting with v90, the Omnibox will load all domains where the domain was left out via HTTPS, with an "https://" prefix instead.
"Currently, the plan is to run as an experiment for a small percentage of users in Chrome 89, and launch fully in Chrome 90, if all goes according to plan," Stark explained on Twitter this week.
Users who'd like to test the new mechanism can do so already in Chrome Canary. They can visit the following Chrome flag and enable the feature:
chrome://flags/#omnibox-default-typed-navigations-to-https
How Fintech Is Revolutionizing Traditional Banking
How fintech is revolutionizing traditional banking is a topic that is garnering positive and immense discourse within th... Read more
Blockchain And Its Impact On Fintech Industry
Blockchain and its impact on Fintech Industry has become a hot topic in the current digital era. The amalgamation of blo... Read more
The Rise Of Fintech In The Digital Era
In the heart of the digital revolution, we've observed a term termed as "fintech" creating a substantial and transformat... Read more
Role Of Fintech In Transforming Retail Banking
The role of fintech in transforming retail banking is producing significant changes in the financial services industry. ... Read more
Fintech Innovations In Asset Management
Financial technology, or FinTech, refers to the blending of financial services with technology. The importance of FinTec... Read more
Exploring The Future Of Accounting Software: Unveiling The Power Of AI
The revolutionary ignition sparked by artificial intelligence (AI) cannot be understated in contemporary business ecosys... Read more