CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Google Chrome to Enable HTTPS-First Mode by Default

First reported
Last updated
2 unique sources, 2 articles

Summary

Hide ▲

Google Chrome will enable HTTPS-First Mode by default in October 2026, warning users before accessing insecure HTTP sites. This change aims to protect users from man-in-the-middle (MITM) attacks and other security threats. The feature will initially roll out to users with Enhanced Safe Browsing in April 2026. Chrome's HTTPS-First Mode will prompt users for permission before accessing HTTP sites, reducing the risk of data interception and manipulation. Users and administrators can disable the warnings if needed. This update follows Google's 2023 HTTPS-Upgrades feature, which automatically upgrades in-page HTTP links to secure connections. Google's long-term goal is to make secure connections the standard across the web. The rollout will occur in two phases, with minimal disruption expected based on early experiments. Internal addresses will be exempt from warnings to avoid unnecessary prompts.

Timeline

  1. 28.10.2025 19:00 2 articles · 13d ago

    Google Chrome to Enable HTTPS-First Mode by Default in October 2026

    Google Chrome will enable HTTPS-First Mode by default in October 2026, warning users before accessing insecure HTTP sites. This change aims to protect users from man-in-the-middle (MITM) attacks and other security threats. The feature will initially roll out to users with Enhanced Safe Browsing in April 2026. Chrome's HTTPS-First Mode will prompt users for permission before accessing HTTP sites, reducing the risk of data interception and manipulation. Users and administrators can disable the warnings if needed. This update follows Google's 2023 HTTPS-Upgrades feature, which automatically upgrades in-page HTTP links to secure connections. The update reflects Google’s long-term goal of making secure connections the standard across the web. The rollout will occur in two phases, with minimal disruption expected based on early experiments. Internal addresses will be exempt from warnings to avoid unnecessary prompts.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Increased Focus on Browser Security Due to Rising Threats

The browser has become a prime target for attackers due to its central role in modern work environments. Attacks exploit vulnerabilities, malicious extensions, and session hijacking to steal sensitive data. The Snowflake breach highlighted the risks, prompting discussions on whether the browser is the new endpoint. Experts emphasize the need for stronger browser security measures to mitigate these threats. The Snowflake attack, which used stolen credentials, underscored the vulnerability of browsers. This incident, along with others like those by Scattered Spider and ShinyHunters, has led to increased awareness of browser security risks. Experts suggest that enterprises should treat the browser as a secure agent and integrate browser security with network and endpoint protections. Attacks on browsers often avoid malware, making detection difficult. Security measures should minimize user friction and integrate browser, network, and endpoint security for comprehensive threat prevention.

Open in new tab

Google Chrome Enterprise Premium Enhances Browser Security for Hybrid Work Environments

Google's Mark Berschadski discussed how Chrome Enterprise is evolving to address the complex security challenges of today's rapidly changing business landscape at the "There's No Place Like Chrome" event. The traditional workplace perimeter has dissolved, leading organizations to pivot to browser-based security to enable work from any device, anywhere. Chrome Enterprise Premium supports zero trust security principles through identity verification, device posture assessment, and continuous verification. It allows organizations to implement granular security policies while maintaining a seamless user experience, making it essential for securing hybrid work environments. Kemmerer and Hudziak addressed common misconceptions about browser security, noting that traditional solutions like VPNs and firewalls often fail in BYOD scenarios. Chrome's extensive telemetry and security features, including Safe Browsing and advanced malware sandboxing, provide IT and security teams with the tools needed to monitor and mitigate risks effectively. The threat landscape is evolving with attackers increasingly targeting human vulnerabilities through social engineering rather than technical exploits. Google Safe Browsing alerts users if they click on a site known or suspected to be involved in nefarious activities, and administrators can prevent access to such sites. Chrome Enterprise and Chrome OS enable security controls at the browser level, allowing for verification of device status, user identity, access rights, and data handling. Chrome Enterprise includes Data Loss Protection (DLP) controls that manage file downloads, printing, and uploads to safeguard intellectual property. It supports secure interactions for third-party contractors and BYOD environments. Google is integrating productivity-enhancing AI capabilities like Gemini into Chrome for enterprise customers later this year, transforming the browser into a secure, productive workspace with customizable controls that adapt to changing organizational needs while effectively managing risk.

Open in new tab