Google's Chrome Browser Updates Set to Break Sites!


In the first quarter of 2020, Google Chrome will be releasing a number of updates that have large repercussions for websites that Google perceives to have security issues, which you MIGHT NOT be aware of.

The first change that you might already know about is that Chrome plans to block users from being able to see ALL of your secure sites' resources that are loading from a HTTP (non secure) location.

Here's the current Chrome Browser Update timeline:

  • In December 2019, Chrome 79 was set to block ALL resources that attempt to load from an unsecure HTTP location - by default. As of Chrome Version 79.0.3945.88 Tested 09:44AM - Thursday, January 02, 2020 this is not in place yet. What we're seeing now on Chrome 79 is the same insecure message in the browser address bar that looks like this:

    Not Secure

Then when you click the 'I' in the address bar it generates this popup message:

mixed-content-chrome79.jpg

This was tested with an insecure image on the page AND a form that is submitted to an unsecure URL, neither one are generating the big secure warning Google made us expect... yet.

However, this change can happen overnight and when it does the only way to bypass this default setting is to flip the toggle within Site settings to unblock mixed content on specific sites, which no one will actually do.

site-settings

Then January 2020, Chrome 80 is set to auto upgrade mixed audio and video to HTTPS and block any resources that fail to load over HTTPS by default. If you actually took the time to change the option within your Chrome site settings, mixed images will still be allowed to load but they'll cause Chrome to show a Not Secure warning in the omnibox like the one below.

Not Secure

TO READ THE FULL ARTICLE