Chrome will soon try HTTPS first when the users type an URL and they forget to add the HTTP or HTTPS prefix.
From bringing in innovative features like Site Isolation and passionately working behind the scenes at the CA/B Forum to enhance the state of the TLS certificate business, we all need to be grateful to the Chrome team.
And, in the past few years, Chrome engineers showed huge interest in pushing and encouraging the use of HTTPS, both inside their browser and also between the website owners.
As a part of these efforts, Chrome tries HTTPS first this means Chrome will now try to upgrade the websites from HTTP to HTTPS whenever it finds that a website has an SSL certificate installed.
Additionally, Chrome brought enhanced password protection that warns the users while they enter password or payment card credentials on unsecured HTTP pages, from where they might be sent over a network in the plaintext.
In the current Chrome version, while a user types link in the Chrome address URL bar, Chrome will load the typed link, regardless of protocol. However, if the user fails or forgets to type the protocol, Chrome will add “http://” in front of the text and try to load the domain through HTTP.
For instance, in Chrome’s current versions, typing something like domain.com will load “http://domain.com.”
But this will change in Chrome 90, which is scheduled to be released in mid-April, this year. As per Chrome security engineer Emily Stark’s statement, with Chrome 90, the Omnibox (Chrome address URL bar) will load all the domains where the domain was left out via HTTPS, with an “https://” prefix instead.
Users who want to test the latest feature can do so already in Chrome Canary.
They can test the feature by visiting the following Chrome flag and enable the feature:
chrome://flags/#omnibox-default-typed-navigations-to-https
Subscribe to our newsletter for the latest security news right from the security and research industries.
