For the past decade, Google was a huge HTTPS proponent and has successfully pushed it to the next level. But now Chrome is enhancing its security operations by blocking the mixed content.
According to Google, “Chrome users now spend over 90% of their browsing time on HTTPS on all major platforms.” However, the issue of securing all HTTPS configurations still persists, with some secure pages seeing sub-resources load over HTTP.
The mixed content includes images, audio, and video although many of the browsers now block scripts and iframes by default. The problem with adding mixed content is that it confuses the browser security UX as the pages are presented to it as neither secure nor insecure. This is because hackers can tamper with mixed images and can even inject a tracking cookie into a mixed resource load.
Google is fixing this by blocking all the mixed content but the transition will be slow so that both users and developers have time to adjust with the rollouts. Google intends to implement this starting with its Chrome 79 update that is currently in the development channel and once it enters the browser it will begin blocking all the mixed content by default. According to reports the process will start this December and will end with Chrome 81 by next year.