In future Chrome updates, Google will introduce new rules for certain items that load on web pages, such as images and videos. If these items are not secure, the browser will block them by default.
Google is working hard to secure the web. Since 2013 and the revelations of Snowden, it is clear that the net giant mobilizes its influence to marginalize connections without encryption (HTTP). Various measures have been taken to encourage sites to switch to secure connections (HTTPS), which establish a secure channel with the user.
In 2014 for example, Google has made this protection a criterion of referencing on its search engine. The Mountain View company also used its web browser, Google Chrome, to more clearly prevent Internet users when they go to pages without encryption of the connection. A warning that the American company strengthened with time.
This effort will continue with the next three versions of Google Chrome. Beginning of October, a roadmap has been unveiled to discuss what Google plans to do about "mixed content" - content (such as images, videos, sound files, scripts or iframes) that is loaded in HTTP on pages which are nevertheless in HTTPS.
The challenge is the safety of Internet users. The American company evokes a scenario where an attacker would falsify an image of a stock market chart to fool an investor. Another reason is in the message sent to the user, since it is on a page supposed to be secure, but which is not completely secure, because of elements that are loaded without security.
Transition in three phases
From Chrome 79, which is scheduled for December 10Google will deploy a new setting that will allow the user to unblock the mixed content on the sites of his choice. This setting, accessed through the lock icon next to the address bar, will be for scripts, iframes, and other content that Chrome is already blocking by default.
With the next release, Chrome 80, expected the February 4 2020, the transition will continue by targeting sound and video resources. The browser will try to load them in HTTPS and, if it can not, it will block them by default. Again, users will have access to the setting described above if they want to display them anyway. Images will not be affected, but Chrome will display a warning.
It's with Chrome 81, which will arrive during the spring, that the case of the images will be set. Google will apply the same recipe: it will try to load them in HTTPS. In case of failure, they will be blocked by default. Chrome 81 will mark the end of this switch. In practice, Google seems to think that this blockage will not necessarily affect the display of websites, thanks to forced loading in HTTPS.
In addition, encryption of connections has become the norm on the web. On a dedicated pageGoogle believes that 90 100 largest sites in the world, apart from his own, offer secure links. And these hundred sites account for about 25% of global web traffic. Finally, the deadline left by Google and the very progressive nature of future rules on mixed content will also limit the breakage, leaving time for sites to adapt to this new situation.
This article appeared first on https://www.numerama.com/tech/567834-pourquoi-google-chrome-va-bloquer-par-defaut-certaines-images-et-videos.html#utm_medium=distibuted&utm_source=rss&utm_campaign=567834