Google made significant strides toward making HTTP websites less appealing to visit. Since Chrome 94, the web browser has displayed a full-page warning to dissuade you from visiting an unsecured website. This complements the "not secure" label that shows up in the address bar when you try to open a non-HTTPS website. In June of last year, Chrome added a toggle to "Always use secure connections." When enabled, that feature will attempt to switch your connection to the HTTPS version of a website if you've initially landed on its HTTP version, just like many of the best web browsers do. Now, Google is poised to extend that same protection to downloads that come from an HTTP source.

New code spotted in Chrome Gerrit indicates the search giant is preparing to introduce a new security option for blocking “insecure” downloads from HTTP sites. This essentially builds upon the existing toggle that automatically switches your connection to HTTPS. At present, the security option is under development, but it’s said to be coming to more testers when Chrome 111 launches in March, per 9to5Google.

It is perhaps worth noting that Chrome already blocks insecure downloads. More specifically, unencrypted downloads and online forms are automatically blocked, even if they originate from an HTTPS website. This occurs when you click an HTTPS download link and are rerouted to an insecure HTTP server. With the upcoming feature, Chrome will block any and all downloads coming from a non-HTTPS source.

However, if you're willing to take risks to get the file you need, 9to5 notes that it is still possible to circumvent the block — making it merely another sort of security warning instead of an absolute safeguard against unsafe downloads.

Given that Chrome 111 isn’t expected to hit production until March, the upcoming protection tool may arrive later this year. It is likely that, like any other Chrome feature that is initially released for testing, it will be hidden behind a Chrome flag that you will have to discover for yourself.