Friday, November 27, 01:25
Home security Google is blocking mixed downloads and MiTM attacks

Google is blocking mixed downloads and MiTM attacks

In April last year, h Google had contacted other manufacturers browsers in an effort to persuade them to step up security of users their, blocking mixed downloads.

Google's suggestion was to block browsers from downloading files HTTP. In particular, the exclusion will apply when downloading the file starts from one website HTTPS.

Now, Google has announced that it will apply this plan to Chrome browser, in the coming months.

Google says it blocks these types of downloads because they are a risk to the security and privacy of users. They could allow "Man-in-the-middle”(MiTM) attack.

“Files sent through mixed content can be transferred malicious programs from invaders they can acquire access in the banking of users, ”Google said.

What exactly will block Google;

According to a timetable published by Google, the changes will begin to apply to Chrome 83, which will be released in June. From there, any new version of Chrome will block "dangerous downloads".

However, Google will not block all HTTP downloads.

For example, the company will not block HTTP downloads coming from HTTP sites. The reason is that Chrome already warns users in this case. It informs them that the site they are visiting is not secure by pointing “Not Secure” at the URL bar.

Target is blocking unsafe downloads from sites that appear to be secure (HTTPS) but downloads are not (uploaded via HTTP).

According to Google, the presence of HTTPS at the site URL cheats them users and makes them think that it is also downloaded via HTTPS. But in some cases this is not the case.

Google wants these cases to stop.

The change won't suddenly happen with the new version of Chrome. Google has released a six-step process that will gradually block HTTP downloads from HTTPS sites:

  • Chrome 81 (March 2020): Chrome will display a warning about all downloads of mixed content.
  • Chrome 82 (April 2020): Chrome will warn for downloads of mixed executable files (eg .exe).
  • Chrome 83 (June 2020): Chrome will block mixed executable files and alert for mixed archives (.zip) and disk images (.iso).
  • Chrome 84 (August 2020): Chrome will block mixed executables archives, archives and disk images and will alert you to all other downloads of mixed content (except image, audio, video, and text).
  • Chrome 85 (September 2020): Chrome will alert downloads of mixed image, audio, video and text content and block all other downloads.
  • Chrome 86 (October 2020): Chrome will block all downloads of mixed content.

This is illustrated in the following figure:

However, Google said it understands that in some controlled conditions, like the intranets, mixed downloads aren't that risky. For these cases, there is a policy Google Chrome (InsecureContentAllowedForUrls) enabling HTTP downloads in controlled environments.

The managers sites will be able to check if their sites comply with this new policy through Google Chrome Canary. To do this, they need to enable the following Chrome flag:

chrome: // flags / # treat-unsafe-downloads-as-active-content

LEAVE ANSWER

Please enter your comment!
Please enter your name here

LIVE NEWS

00:02:04

The value of Bitcoin and other digital currencies fell

The value of Bitcoin and other digital currencies fell on November 25, which triggers scenarios regarding the duration of the explosion ...

Which are the countries with the most economical internet?

Although the Internet is available in almost every country in the world, the cost of subscription, speeds and salaries of citizens ...

How to choose which extensions will appear in the Firefox toolbar

If you are using extensions with Mozilla Firefox and want to add or remove some extension icons from the toolbar, you can ...

WhatsApp OTP Scam: steps to avoid hackers

WhatsApp is gaining more and more reputation as one of the most used mobile messaging applications worldwide, with more users ...

Sophos notifies some customers that their personal information has been exposed

The British cybersecurity and hardware company Sophos sent an email to some of its customers to inform them that their personal ...

A $ 6 million fine was imposed on Facebook for data sharing

Facebook has been fined 6,7 billion won (about $ 6 million) for sharing user data from Korea without ...

How to turn off "Blood Oxygen Monitoring" on the Apple Watch

Apple Watch Series 6 and newer versions come with "blood oxygen monitoring" function. It records even in the background the ...

Ransomware attack hits Baltimore school district!

The Baltimore School District was attacked by ransomware on Nov. 25 and shut down its affected network systems. THE...

Google Chrome: Execute commands via the address bar

Google has released a new feature in Google Chrome 87 that lets you run commands from the address bar.

Belden: Network device maker under cyber attack!

The manufacturer of network devices "Belden" was attacked by cyber, as a result of which the hackers behind it stole files containing information ...