Quote:Google has announced that it will enable HTTPS in Chrome by default next year. I wrote a similar article 2 years ago, about HTTPS-first mode.

Frankly, I'm surprised it has taken this long for Google to make this change. So, what does it do? Well, as the name suggests, it is a setting that forces Chrome to connect to websites using the HTTPS protocol. HTTP requests are unencrypted and hence insecure, and attackers could potentially hijack a request, when a user clicks on a link or types in a URL, taking them to a different website. This could lead to a malware infection, social engineering attack, targeted exploitation, etc. Google says that plaintext HTTP connections are invisible to users, and could redirect to HTTPS sites instantly. It's very easy to miss it.

HTTPS (Hypertext Transfer Protocol Secure) protects against such attacks, your connection is encrypted, any communication is done only with the website's server. HTTPS is widely supported by most websites. Back in 2022, Google introduced an option in Chrome to force the browser to use HTTPS-only, to protect users. Google says that 95% of the web uses HTTPS, but the remaining 5% is still a lot of navigations, and this poses a huge security risk. The announcement notes that the largest contributor to HTTP are private sites. Google believes that this is the right time to enable the setting for all users.

Continue Reading...