Research

Upcoming Chrome update will label HTTP sites 'not secure'

Upcoming Chrome update will label HTTP sites 'not secure'

The latest change will debut on Chrome 68, though it will be a part of all later versions to encourage webmasters to switch to HTTPS application protocol.

The encryption keeps malicious actors away from messing with web pages - for example, inserting ads or altering websites to send you to a bogus sign-in page. Data is kept secure from third parties, and users can be more confident they are communicating with the correct website.

"Chrome's new interface will help users understand that all HTTP sites are not secure, and continue to move the web toward a secure HTTPS web by default", Google explained in a draft blog post due to be published today and provided in advance to The Register.

Google will label all unencrypted web pages as "not secure" in a forthcoming Google Chrome browser update.

More news: Dow closes more than 1000 points down for second time this week

Google has announced it will be labelling all HTTP sites as "not secure" with the release of Chrome 68.

Google's Chrome browser will soon flag every site that doesn't use HTTPS encryption. For Chrome traffic on Android, that number is 68 percent.

Google in July introduced HTTP Strict Transport Security (HSTS) on its google.com domain to stop users accidentally navigating to insecure HTTP URLs. From a user's perspective, the main difference between HTTP and HTTPS is that all HTTPS traffic is encrypted by default, which means it's more secure from snooping, especially on public networks.

Emily Schechter, Chrome Security Product Manager, adds, "HTTPS is easier and cheaper than ever before, and it unlocks both performance improvements and powerful new features that are too sensitive for HTTP". To keep things moving in right direction, Google's open-source Lighthouse tool now has an audit feature that lets developers see which resources are being loaded with HTTP and which of those can be simply upgraded to HTTPS.