Security is something like that Google is taken very seriously (privacy is another matter), so the search giant is working on introducing new security features Chrome which voluntarily block potentially dangerous downloads.

Mountain View is improving the “Always use secure connections” option, which can be found in Settings > “Privacy & Security” and is disabled by default. When this option is enabled with its future options, Google Chrome (and other Chromium browsers that include this option) block downloads that, for example, take place over HTTP on a site that initially uses HTTPS. Depending on the merge request, the lock is triggered in the following situations:

• The page with the download link is not secure.
• The destination URL used is insecure.
• Any redirection is insecure.

The “Always use secure connections” feature is already available in Google Chrome and other Chromium browsers, but Google is working to expand and improve its functionality and is considering adding support for blocking all potentially dangerous downloads in the future. The goal is block any download coming from an HTTP source even when used as an address string redirect.

As it is still under development, it would initially be shipped as a flag that would add additional options to the “Always use a secure connection” option above, so it would require a double activation, one in the flags and others in browser settings.

Blocking insecure downloads is not unusual for Chrome, because Mozilla has been working on something very similar in Firefox for a long time, which is that HTTP connections, because they are not encrypted, give malicious actors the ability to intercept and read the data simply to spy and try perform more complex attacks.