Industry Updates

HTTPS Becomes Default For Google Chrome For Added Security

For the last month or so, Google has been testing the notion of using HTTPS as the default protocol for all URLs a user types into the address bar. Those who have been experimenting with Chrome’s latest Canary build have already seen the new feature in action, and the company has decided to forge ahead.

In the next stable release, it will be formally incorporated into Chrome’s browser experience. Android users can expect to see it when they update to version 90, which is slated to be released on April 13. The iOS rollout is scheduled for an unspecified date later this year.

This is all a part of Google’s ongoing effort to bolster safety on the internet. In this specific instance, the goal is to attempt to thwart “man in the middle” attacks that see hackers intercept un-encrypted web traffic and either steal data or inject malicious code into the data stream.

Chrome team members Shweta Panditrao and Mustafa Emre Acer explain further:

“Chrome will now default to HTTPS for most typed navigations that don’t specify a protocol. For sites that don’t yet support HTTPS, Chrome will fall back to HTTP when the HTTPS attempt fails (including when there are certificate errors, such as name mismatch or untrusted self-signed certificate, or connection errors, such as DNS resolution failure).”

If you’re interested in testing the upcoming feature before it reaches the stable channel, you can do so by enabling the ‘experimental’ flag. Just go to:

chrome://flags/#omnibox-default-typed-navigations-to-https

And enable the option to have HTTPS as the default navigation protocol. Once there, you’ll also have the option to choose either a 3-second or a 10-second timeout to give the browser enough time to determine the availability of the HTTPS URL.

This is an unquestionably good change. Kudos to Google. We’re looking forward to seeing it in the stable release.