🏠 Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeiträge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden Überblick über die wichtigsten Aspekte der IT-Sicherheit in einer sich ständig verändernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch übersetzen, erst Englisch auswählen dann wieder Deutsch!

Google Android Playstore Download Button für Team IT Security

800+ IT News als RSS Feed abonnieren

Thema auswählen:

📚 Protecting users from insecure downloads in Google Chrome

🕛 Zeit seit Veröffentlichung: 1525 Tage, 1 Stunden 48 Minuten
📆 Veröffentlicht am: 06.02.2020 um 19:00 Uhr
💡 Newskategorie: Programmierung
🔗 Quelle: blog.chromium.org

Today we’re announcing that Chrome will gradually ensure that secure (HTTPS) pages only download secure files. In a series of steps outlined below, we’ll start blocking "mixed content downloads" (non-HTTPS downloads started on secure pages). This move follows a plan we announced last year to start blocking all insecure subresources on secure pages.

Insecurely-downloaded files are a risk to users' security and privacy. For instance, insecurely-downloaded programs can be swapped out for malware by attackers, and eavesdroppers can read users' insecurely-downloaded bank statements. To address these risks, we plan to eventually remove support for insecure downloads in Chrome.

As a first step, we are focusing on insecure downloads started on secure pages. These cases are especially concerning because Chrome currently gives no indication to the user that their privacy and security are at risk.

Starting in Chrome 82 (to be released April 2020), Chrome will gradually start warning on, and later blocking, these mixed content downloads. File types that pose the most risk to users (e.g., executables) will be impacted first, with subsequent releases covering more file types. This gradual rollout is designed to mitigate the worst risks quickly, provide developers an opportunity to update sites, and minimize how many warnings Chrome users have to see.

We plan to roll out restrictions on mixed content downloads on desktop platforms (Windows, macOS, Chrome OS and Linux) first. Our plan for desktop platforms is as follows:

Diagram of when warnings will take affect

In Chrome 81 (released March 2020) and later:

Chrome will print a console message warning about all mixed content downloads.

In Chrome 82 (released April 2020):

Chrome will warn on mixed content downloads of executables (e.g. .exe).

In Chrome 83 (released June 2020):

Chrome will block mixed content executables.
Chrome will warn on mixed content archives (.zip) and disk images (.iso).

In Chrome 84 (released August 2020):

Chrome will block mixed content executables, archives and disk images.
Chrome will warn on all other mixed content downloads except image, audio, video and text formats.

In Chrome 85 (released September 2020):

Chrome will warn on mixed content downloads of images, audio, video, and text.
Chrome will block all other mixed content downloads.

In Chrome 86 (released October 2020) and beyond, Chrome will block all mixed content downloads.

Example of a potential warning

Chrome will delay the rollout for Android and iOS users by one release, starting warnings in Chrome 83. Mobile platforms have better native protection against malicious files, and this delay will give developers a head-start towards updating their sites before impacting mobile users.

Developers can prevent users from ever seeing a download warning by ensuring that downloads only use HTTPS. In the current version of Chrome Canary, or in Chrome 81 once released, developers can activate a warning on all mixed content downloads for testing by enabling the "Treat risky downloads over insecure connections as active mixed content" flag at chrome://flags/#treat-unsafe-downloads-as-active-content.

Enterprise and education customers can disable blocking on a per-site basis via the existing InsecureContentAllowedForUrls policy by adding a pattern matching the page requesting the download.

In the future, we expect to further restrict insecure downloads in Chrome. We encourage developers to fully migrate to HTTPS to avoid future restrictions and fully protect their users. Developers with questions are welcome to email us at security-dev@chromium.org.

Posted by Joe DeBlasio, Chrome Security team

...

Sharing is caring on Social Media

📌 google has released a new chrome extension called password checkup, which alerts users when it detects them using insecure passwords.

🕛 1889 Tage, 22 Stunden 2 Minuten
📆 06.02.2019 um 22:21 Uhr
📈 22.07 Punkte

📌 CVE-2015-9514 | Easy Digital Downloads Free Downloads Extension up to 2.3.6 on WordPress add_query_arg cross site scripting

🕛 84 Tage, 3 Stunden 38 Minuten
📆 17.01.2024 um 16:46 Uhr
📈 20.34 Punkte

📌 Has Facebook in past under Authorized Logins when logged in with phone using Google Chrome (for example) used to mention only "Google Chrome" or also "Google Chrome on Iphone 6" (phone brand/type is only an example). Or is phone b

🕛 1682 Tage, 1 Stunden 17 Minuten
📆 02.09.2019 um 17:40 Uhr
📈 19.03 Punkte

🏠 Team IT Security News

📚 Protecting users from insecure downloads in Google Chrome

Sharing is caring on Social Media

Join the Team IT Security Community