Google has announced it will start protecting users from insecure downloads with the rollout of the new version of Chrome.
Chrome 82 will be released in April and will be the first iteration of the browser to specifically warn users of file downloads that could be malicious.
“Insecurely-downloaded files are a risk to users’ security and privacy. For instance, insecurely-downloaded programs can be swapped out for malware by attackers, and eavesdroppers can read users’ insecurely-downloaded bank statements,” Google explained.
The company said each subsequent version of the browser will implement more drastic measures for insecure file downloads and Chrome will eventually remove support for these downloads completely.
Risk by file type
“File types that pose the most risk to users (e.g., executables) will be impacted first, with subsequent releases covering more file types,” Google said.
The company claimed the gradual rollout is designed to tackle the worst risks quickly and give web developers a chance to update sites and minimise the number of warnings Chrome users will have to see.
The following versions will warn and eventually block archives (compressed files), other file types (documents) and then media types (images, audio, video).
The updates will be rolled out to desktop versions of the browser on Windows, macOS, Chrome OS and Linux first. The updates will be delayed by one browser version for Android and iOS platforms, with warnings starting in Chrome 83.
Google said this was because mobile platforms provide better native protection for insecure downloads.
The image below shows which Chrome browser versions will warn about and block suspicious downloads.