Google is working on an HTTPS-Only Mode for Chrome
Following in the footsteps of browsers like Mozilla Firefox and Microsoft Edge, Google Chrome is also in line to receive an HTTPS-Only Mode that will upgrade all unencrypted HTTP connections to encrypted HTTPS alternatives, where possible.
Currently, the new Chrome HTTPS-Only Mode is still under development in Chrome Canary distributions.
Work is being done to add specific settings in the browser's interface, and no actual HTTP-to-HTTPS functionality is currently present.
While work on this new feature is being done in Chrome Canary 93, it is unclear if the new HTTPS-Only Mode will ship with the stable version of Chrome 93, set to go live in August this year.
Currently, Chrome 93 includes a new flag located at chrome://flags/#https-only-mode-setting that, when enabled, adds a new option named "Always use secure connections" in the Chrome browser security settings.
Chrome's work on adding an HTTPS-Only Mode comes after Mozilla added a similarly named feature to Firefox in v83.
Earlier this month, Microsoft also added a feature named Automatic HTTPS to its Edge flagship browser.
Currently, around 82.2% of all internet sites support HTTPS connections. Browser makers such as Chrome and Mozilla previously reported that HTTPS traffic usually accounts for 90% to 95% of their daily user traffic.
In a report last month analyzing the rollout of its HTTP-Only Mode, Mozilla said Firefox upgraded HTTP traffic to HTTPS only for 3.5% of web pages, as 92.8% were loading via HTTPS connections already.
In previous years Google has taken similar steps to promote the use of HTTPS technology, including:
- making HTTPS the default protocol in its address/search bar [see announcement here]
- auto-updating mixed content from HTTP to HTTPS [see announcement here]
- blocking HTTP downloads initiated from seemingly secure HTTPS pages [see announcement here]
Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.