Google had released an update for its Chrome web browser during this April that fixes a range of security flaws, including a zero-day vulnerability that is known to be actively exploited by malicious actors.
The bugs affect the Windows, macOS, and Linux versions of the popular browser. It now introduces HTTPS-Only will actively warn you when a connection to a site is not secure. This feature will actively warn you when visiting a site with an unsecured connection.
This is part of a larger move to try and dissuade users from using websites that utilise unsecured connections, which means your activity is potentially open to being monitored by a third party.
Google already marks websites that use HTTP protocols as ‘unsecure’ and could potentially be a threat that could see sensitive information like banking details fall into the wrong hands.
The ‘HTTPS-only’ toggle will be disabled by default but it is worth noting that Chrome already tries and establishes connections to HTTPS versions of websites. When it can’t find a secure connection Chrome warns you that it is loading an HTTP site and asks if you want to proceed. When you turn on the ‘HTTPS-only mode,’ Chrome will automatically “upgrade” websites from HTTP to HTTPS protocol. Chrome, by default, uses the HTTPS protocol unless mentioned otherwise by a user.
The browser will also give you the option to remember the sites that you visit with the older protocol and will not show you a warning the next time you visit them.