Chrome 68 releases July 24, will flag HTTP sites with 'Not Secure' warning

CyberTech

Level 44
Thread author
Verified
Top Poster
Well-known
Nov 10, 2017
3,247
Google already warned unencrypted sites earlier this year that all HTTP connection-based webpages will be prominently marked as "Not Secure" beginning in July once Chrome 68 launches. That version of Google's web browser is set for rollout on July 24, which means all insecure sites will begin to face mounting pressure to switch to using HTTPS.

Initially, the "Not Secure" warning began to be displayed in the address bar for HTTP sites that collect passwords and credit card information. Later, it was implemented on portals where any data was entered over an insecure connection and on all HTTP pages visited in Incognito mode. With the new changes, Google will start condemning all insecure sites that continue to stick to the HTTP configuration.

HTTPS is designed to encrypt the connection between your computer and the site you visit so that information being transmitted remains protected from the prying eyes and interference of third-parties. The wider rollout of the warning message on HTTP sites marks a significant step in Google's efforts to get every website to embrace HTTPS as its default protocol for secure communication instead of being just an option.

Google also plans to remove the "Secure" label on HTTPS web pages in Chrome 69 which is set for release in September. While some users may see it as a backward move, Google is hoping that by removing Chrome’s positive security indicator, it will give users the idea that the web is safe by default.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
Other features as well

Chrome 68 includes two anti-malvertising features

The biggest of these, at least on the security front, are Chrome's new blocking mechanisms for tactics often employed by online malvertisers.

For example, Chrome now blocks shady iframes (which are embedded on a page) from redirecting the entire parent page to another URL. These changes have been slowly implemented since Chrome 64 and have now been rolled out in full.

The only way an iframe will be allowed to redirect the main page to a new URL is only if the user has directly interacted with the iframe. Since most iframes used in malvertising campaigns are usually placed off-screen, this change should block malicious ads from redirecting users to new sites, while still allowing single-sign-on (SSO) login pages or similar technologies to work as intended.

Second, Chrome now also fully blocks tab-under behavior. Tab-under is when users click on a link, but a shady website opens the URL in another tab and keeps the old tab alive, while also using the old tab to load another URL with a bunch of ads. The tab-under technique is found all over the web and has become a problem in recent years.

Google first announced tab-under blocking last year, and it rolled out a first tab-under blocking mechanism in Chrome 65. Today, Google is making a formal announcement of this feature, which will show warnings like the one below every time it blocks a shady site trying to duplicate its tab and use one to show ads.

Chrome 68 is also another milestone, but on another security front. Chrome 68 represents Phase 2 of Google's larger plan of preventing third-party software (mostly antiviruses) from injecting code into the main Chrome process. As Google explained last November:

Chrome 68 will begin blocking third-party software from injecting into Chrome processes. If this blocking prevents Chrome from starting, Chrome will restart and allow the injection, but also show a warning that guides the user to remove the software.

Google plans to remove the ability to inject third-party code into Chrome and block this behavior altogether starting with January 2019.

Read more here

Chrome 68 Released With Warnings on HTTP Sites, But Also Other Security Features
 

SumTingWong

Level 28
Verified
Top Poster
Well-known
Apr 2, 2018
1,706
Other features as well

Chrome 68 includes two anti-malvertising features

The biggest of these, at least on the security front, are Chrome's new blocking mechanisms for tactics often employed by online malvertisers.

For example, Chrome now blocks shady iframes (which are embedded on a page) from redirecting the entire parent page to another URL. These changes have been slowly implemented since Chrome 64 and have now been rolled out in full.

The only way an iframe will be allowed to redirect the main page to a new URL is only if the user has directly interacted with the iframe. Since most iframes used in malvertising campaigns are usually placed off-screen, this change should block malicious ads from redirecting users to new sites, while still allowing single-sign-on (SSO) login pages or similar technologies to work as intended.

Second, Chrome now also fully blocks tab-under behavior. Tab-under is when users click on a link, but a shady website opens the URL in another tab and keeps the old tab alive, while also using the old tab to load another URL with a bunch of ads. The tab-under technique is found all over the web and has become a problem in recent years.

Google first announced tab-under blocking last year, and it rolled out a first tab-under blocking mechanism in Chrome 65. Today, Google is making a formal announcement of this feature, which will show warnings like the one below every time it blocks a shady site trying to duplicate its tab and use one to show ads.

Chrome 68 is also another milestone, but on another security front. Chrome 68 represents Phase 2 of Google's larger plan of preventing third-party software (mostly antiviruses) from injecting code into the main Chrome process. As Google explained last November:

Chrome 68 will begin blocking third-party software from injecting into Chrome processes. If this blocking prevents Chrome from starting, Chrome will restart and allow the injection, but also show a warning that guides the user to remove the software.

Google plans to remove the ability to inject third-party code into Chrome and block this behavior altogether starting with January 2019.

Read more here

Chrome 68 Released With Warnings on HTTP Sites, But Also Other Security Features

Is this enable by default? Where do you find these settings?
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
Is this enable by default? Where do you find these settings?
I think there are some new changes in the Settings

1) In Privacy & Security there's 'Automatically send some system information and page content to Google to help detect dangerous apps and sites'
2) In Privacy & Settings ==> Content you can see 'Pop-ups and redirects'
 

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
This is great, actually comodo has this feature on their browsers
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top