The difference between HTTPS and HTTP Web protocols is now widely known, and for those who don't have an idea, the former is more secure and sends information in an encrypted form, while the other is an indication that the website you're visiting may not be so secure. Most websites in today's times load on HTTPS, but there are still a few websites that offer mixed content. This means that some HTTPS sites load additional content like images, videos, and audio over the insecure HTTP network. Google wants to put an end to this practice as well, and it's looking to begin the transition to block mixed content with Chrome 79.
In Chrome 79, Google will start the work to block all mixed content on HTTPS websites by offering an option to unlock the content on specific sites. This can be done by going into Settings found in the lock icon next to the HTTPS link in the address bar.
Detailing the need to block mixed content, Google notes in its blog, “Browsers block many types of mixed content by default, like scripts and iframes, but images, audio, and video are still allowed to load, which threatens users' privacy and security. For example, an attacker could tamper with a mixed image of a stock chart to mislead investors, or inject a tracking cookie into a mixed resource load. Loading mixed content also leads to a confusing browser security UX, where the page is presented as neither secure nor insecure but somewhere in between.”
Chrome 79 will roll out in December this year. Google will begin blocking mixed audio and video resources with Chrome 80 that should release to users in January next year. Users can unblock affected audio and video resources by going into Settings. As for mixed images, they will be allowed to load, but Chrome will then show a “Not Secure” chip in the omnibox. With the February 2020 release of Chrome 81, Google plans to block mixed images by default as well.
Google is asking developers to migrate their mixed content to HTTPS immediately to avoid warnings and breakage. It has detailed some ways to do this in its blog post.