Quote:Google wants to block some file downloads carried out via HTTP on websites that load via an HTTPS URL.

According to a proposal the browser maker has put forward yesterday, only the download of certain "high-risk" file types will be blocked by default.
 
This includes EXE (Windows application binary), DMG (Mac application binary), CRX (Chrome extension package), and all the major archive formats, like ZIP, GZIP, BZIP, TAR, RAR, and 7Z. These file types are considered "high-risk" because they are most likely to be abused to hide malware.

The idea, according to Google, is to block any of these files when the download takes place via an HTTP connection, even if the site the user is downloading the data from is loaded via secure HTTPS.
 
Google said it's currently not thinking of blocking downloads started from HTTP sites, since the browser is already warning users about the site's poor security via the "Not Secure" indicator in the URL bar.
 
The plan is to block insecure downloads on sites that appear to be secure (loaded via HTTPS) but where the downloads take place via plain ol' HTTP.