Google’s plan to label HTTP sites as non-secure in a more precise and accurate way will happen by steps. Image Source: Komando

Google (NASDAQ: GOOGL), announced last Thursday its Chrome internet browser would warn users about non-secure websites beginning in January 2017. The move aims to protect sensitive information like passwords and credit card details from being stolen.

Chrome Security Team member Emily Schechter disclosed the news through a post on Google’s Online Security Blog. From then on, Chrome will indicate connection security with an icon in the address bar to help users browse the web safely.

Historically, Chrome didn’t explicitly warn users about HTTP connections, but the Chrome 56 browser version will start marking HTTP sites that deal with passwords or credit cards as non-secure. Eventually, Google intends to flag all HTTP sites as such.

Too many websites are being lax with the security of your passwords and credit card information, and Google says enough is enough. Image Source: Komando
Too many websites are being lax with the security of your passwords and credit card information, and Google says enough is enough. Image Source: Komando

Chrome currently shows HTTP connections with a neutral indicator that doesn’t reflect the real security dangers for HTTP connections. When users load a website over HTTP, someone else on the network can look at the site, and even modify it, before it gets to them.

Google wants sites to go from HTTP to HTTPS

The transition from HTTP to HTTPS is constantly increasing, and Google seeks to accelerate that movement with its new security plan. One way to establish an encrypted HTTP connection, and therefore make it more secure, is HTTP Secure (HTTPS).

At the moment, more than half of Chrome desktop page loads are now serving over HTTPS, and since Google released its HTTPS report on February, 12 of the top 100 websites changed their serving default from HTTP to HTTPS.

Google’s plan to label HTTP sites as non-secure in a more precise and accurate way will happen by steps. Chrome 56 will deal with HTTP pages that handle password or credit card details, and subsequent releases will label all sites as non-secure regardless of their nature.

Google plans to get more secure websites could arrive sooner than expected with the HTTPS' rapid introduction to all platforms. Image Source: Dito
Google plans to get more secure websites could arrive sooner than expected with the HTTPS’ rapid introduction to all platforms. Image Source: Dito

The tech giant vowed to publish updates about the matter and insisted pages shouldn’t wait to move to HTTPS. According to Google, HTTPS is now easier and cheaper and offers better performance as well as new features that HTTP can’t handle.

About Google Chrome’s security

Now and then Chrome retrieves updates of phishing and malware blacklists to warn users when they visit potentially harmful sites. Google has download scanning protection since Chrome 17 and features the Incognito mode for private browsing.

Between 2009 and 2011, no security vulnerabilities in Chrome got exploited in the annual computer hacking contest Pwn2Own. However, at the 2012 edition, a French hacker team overcame Chrome’s sandboxing. Google made fixes for the vulnerabilities within 10 hours of the submission.

Source: Google Online Security Blog‎