Chrome will no longer allow https:// pages to load HTTP resources

The Chrome security team recently said in a blog post that it plans to stop https:// pages from loading HTTP subresources.

According to Google, Chrome users now spend more than 90% of their browsing time on HTTPS on all major platforms. However, it is still very common for these secure pages to load insecure HTTP subresources. Many of these subresources are blocked by default, but some, such as images, audio and video, still slip through as "mixed content", and mixed content such as scripts, iframes and media files can put users at risk.

Starting with Chrome 79, which enters testing at the beginning of December this year, Chrome will gradually block all mixed content. In January 2020, Chrome 80 will automatically upgrade all mixed audio and video resources to HTTPS and block them if they cannot be loaded over HTTPS. Finally, in February 2020, Chrome 81 will automatically upgrade all mixed images, audio and video to HTTPS and block those images that cannot be loaded over HTTPS.

Meanwhile, Chrome 79 will also add a new setting that users can use to unblock mixed content on specific sites.

This gradual transition gives developers time to migrate their mixed content to HTTPS.
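For developers doing that migration, the following added example (not from the Chrome team or the original article) audits the HTML of an https:// page for subresources that would still be fetched over plain HTTP, and groups them by how the rollout above treats them. The group names, the `audit` function and the sample host names are assumptions made for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs that load a subresource; group names are this example's own.
SUBRESOURCE_ATTRS = {
    ("audio", "src"): "media",    # Chrome 80: upgraded to HTTPS or blocked
    ("video", "src"): "media",
    ("img", "src"): "image",      # Chrome 81: upgraded to HTTPS or blocked
    ("script", "src"): "active",  # scripts and iframes: blocked by default
    ("iframe", "src"): "active",
}

class MixedContentAuditor(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (group, tag, resolved_url)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            group = SUBRESOURCE_ATTRS.get((tag, name))
            if group is None or not value:
                continue
            # Relative and //host URLs inherit https, so only explicit http:// is flagged.
            resolved = urljoin(self.page_url, value.strip())
            if urlsplit(resolved).scheme == "http":
                self.findings.append((group, tag, resolved))

def audit(page_url, html):
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content is only defined for HTTPS pages
    auditor = MixedContentAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample page; every host name is a placeholder.
SAMPLE = """<body>
<img src="http://img.example.test/logo.png">
<img src="/static/banner.png">
<video src="HTTP://media.example.test/clip.mp4"></video>
<script src="//cdn.example.test/app.js"></script>
<iframe src="http://ads.example.test/frame.html"></iframe>
<a href="http://example.test/about">About</a>
</body>"""

if __name__ == "__main__":
    for group, tag, url in audit("https://shop.example.test/", SAMPLE):
        print(f"{group:6} <{tag}> {url}")
```

The `<a href>` link is not reported because navigation to an HTTP page is not a subresource load, and the relative and protocol-relative URLs are not reported because they resolve to HTTPS.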

A similar measure, which we reported on earlier, has been proposed by Google Chrome engineer Emily Stark on a W3C mailing list: disabling by default certain downloads delivered over HTTP from HTTPS websites. When the download is an EXE, DMG (Mac application binary), CRX (Chrome extension package) or a mainstream archive or package format such as ZIP, GZIP, BZIP, TAR, RAR and 7Z, the browser will block it. These file types are blocked by default because they are considered "high risk": they are the most likely to be abused to hide malicious programs.


Origin www.oschina.net/news/110345/chrome-to-block-http-in-https