Google Chrome enables default warnings for insecure HTTP public websites
Security Tool/Service
Summary
Hide ▲
Show ▼
Google Chrome will begin warning users by default before opening insecure HTTP public websites, reducing exposure to MITM attacks and attacker-controlled navigation. The change turns on Always Use Secure Connections by default, so users are more likely to land on HTTPS versions of sites or approve an exception before proceeding. Google says the rollout starts with Chrome 154 in October 2026, after an earlier staged enablement for over 1 billion users in April 2026.
Related Happenings
Chromium JavaScript background RCE flaw
Vulnerability
First: 21.05.2026 21:13
Last: 21.05.2026 21:13
Sources 1
About this happening:
The unfixed **Chromium** flaw keeps **JavaScript** running after the browser is closed, creating **remote code execution** risk across **Chromium-based browsers**. A malicious sit...
Chromium JavaScript background RCE flaw
VulnerabilityAbout this happening: The unfixed **Chromium** flaw keeps **JavaScript** running after the browser is closed, creating **remote code execution** risk across **Chromium-based browsers**. A malicious sit...
Google Chrome 146 adds Device Bound Session Credentials to block session-cookie theft
Security Tool/Service
First: 09.04.2026 21:33
Last: 09.04.2026 21:33
Sources 1
About this happening:
Google has rolled out **Device Bound Session Credentials (DBSC)** in **Chrome 146 for Windows**, binding sessions to device hardware to blunt **infostealer malware** that steals s...
Google Chrome 146 adds Device Bound Session Credentials to block session-cookie theft
Security Tool/ServiceAbout this happening: Google has rolled out **Device Bound Session Credentials (DBSC)** in **Chrome 146 for Windows**, binding sessions to device hardware to blunt **infostealer malware** that steals s...
Google security patch release for CVE-2026-5281
Security Patch Release
First: 01.04.2026 13:25
Last: 01.04.2026 13:25
Sources 1
About this happening:
**Google** issued **emergency Chrome updates** to fix **CVE-2026-5281**, a **use-after-free** flaw in **Dawn/WebGPU** that was **exploited in the wild**, creating crash, corruptio...
Google security patch release for CVE-2026-5281
Security Patch ReleaseAbout this happening: **Google** issued **emergency Chrome updates** to fix **CVE-2026-5281**, a **use-after-free** flaw in **Dawn/WebGPU** that was **exploited in the wild**, creating crash, corruptio...
Chrome/Dawn actively exploited use-after-free flaw (CVE-2026-5281)
Vulnerability
First: 01.04.2026 13:25
Last: 01.04.2026 13:25
Sources 1
About this happening:
**Google Chrome Stable Desktop** on **Windows, macOS, and Linux** is getting an **emergency fix** for **CVE-2026-5281**, a **use-after-free** flaw in **Dawn/WebGPU**. Google says...
Chrome/Dawn actively exploited use-after-free flaw (CVE-2026-5281)
VulnerabilityAbout this happening: **Google Chrome Stable Desktop** on **Windows, macOS, and Linux** is getting an **emergency fix** for **CVE-2026-5281**, a **use-after-free** flaw in **Dawn/WebGPU**. Google says...
Mozilla Firefox 149 adds a built-in VPN privacy control with phased rollout
Security Tool/Service
First: 24.03.2026 19:23
Last: 24.03.2026 19:23
Sources 1
About this happening:
**Mozilla Firefox 149** now includes a **built-in VPN tool** that adds browser-level privacy protection and can help hide a user's **location and IP address** while browsing. The...
Mozilla Firefox 149 adds a built-in VPN privacy control with phased rollout
Security Tool/ServiceAbout this happening: **Mozilla Firefox 149** now includes a **built-in VPN tool** that adds browser-level privacy protection and can help hide a user's **location and IP address** while browsing. The...
Timeline
-
28.10.2025 19:00 2 articles · 7mo ago
Google Chrome enables default warnings for insecure HTTP public websites
Initial DisclosureChrome will first enable **Always Use Secure Connections** for public sites for **over 1 billion users** in **April 2026** through **Chrome 147**. That staged phase is meant to surface sites that still rely on HTTP before the default warning change in **Chrome 154**.
Show sources
- Google Chrome to warn users before opening insecure HTTP sites — www.bleepingcomputer.com — 28.10.2025 19:00
- Chrome to Make HTTPS Mandatory by Default in 2026 — www.infosecurity-magazine.com — 29.10.2025 18:00