
Chrome to Turn HTTPS on by Default for Public Sites

To improve the security of users, Google next year will change Chrome’s default settings so that the browser will navigate only to websites that support HTTPS.

The ‘Always Use Secure Connections’ setting was introduced in Chrome in 2022, as an opt-in feature, and was turned on by default in Chrome 141 for a small percentage of users, for testing.

Starting October 2026, when Chrome 154 is projected to arrive, the ‘Always Use Secure Connections’ setting will be on by default for all users, for all public sites.

When encountering a site that does not use a secure connection, Chrome will display a warning and ask for the user’s explicit permission to navigate to it.

The use of HTTPS connections, Google explains, makes the browsing experience more secure for Chrome’s users, as it prevents attackers from hijacking the navigation.

“When links don’t use HTTPS, an attacker can hijack the navigation and force Chrome users to load arbitrary, attacker-controlled resources, and expose the user to malware, targeted exploitation, or social engineering attacks,” Google says.

Even websites that have adopted HTTPS may prove risky if they serve even a single HTTP connection. The user, Google says, may not notice the insecure connection if the site immediately redirects to HTTPS domains and Chrome does not display the ‘Not Secure’ URL warning.

More than 95% of websites already rely on encrypted connections, and Google’s recent experiment with the ‘Always Use Secure Connections’ setting on by default showed that Chrome displayed the insecure connection warning for less than 3% of navigations.

“Once ‘Always Use Secure Connections’ is the default and additional sites migrate away from HTTP, we expect the actual warning volume to be even lower than it is now,” the internet giant notes.

Google has reached out to multiple organizations responsible for these insecure connections and expects them to fully transition to HTTPS within the next year. Most of the HTTP navigations, it explains, come from websites that immediately redirect to HTTPS sites.
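For site operators, the single plaintext hop described above, whether at the start of a navigation or in the middle of a redirect chain, can be found by walking each chain and flagging every http:// URL in it. The sketch below is an added example, not code from Google or from the original article; the hostnames, the redirect table and the function names are constructed for illustration, and the `resolve` callable is an assumption that stands in for a real HEAD request.

```python
from urllib.parse import urljoin, urlsplit

# Constructed redirect table standing in for real servers: URL -> (status, Location).
SAMPLE = {
    "http://shop.example/": (301, "https://shop.example/"),
    "https://shop.example/": (200, None),
    "https://news.example/": (302, "http://cdn.news.example/home"),
    "http://cdn.news.example/home": (301, "https://www.news.example/home"),
    "https://www.news.example/home": (200, None),
    "https://loop.example/a": (302, "/b"),
    "https://loop.example/b": (302, "/a"),
}

def audit_chain(start, resolve, max_hops=10):
    """Follow redirects from `start`; return (hops, insecure_hops, verdict)."""
    hops, seen, url = [], set(), start
    verdict = "too-many-redirects"
    for _ in range(max_hops):
        if url in seen:                      # redirect loop, stop walking
            verdict = "loop"
            break
        seen.add(url)
        hops.append(url)
        status, location = resolve(url)
        if status in (301, 302, 303, 307, 308) and location:
            url = urljoin(url, location)     # Location may be relative
            continue
        verdict = "ok"                       # reached a non-redirect response
        break
    # Any http:// hop is a point where the navigation can be hijacked,
    # even if the chain both starts and ends on HTTPS.
    insecure = [h for h in hops if urlsplit(h).scheme == "http"]
    if verdict == "ok" and insecure:
        verdict = "plaintext-hop"
    return hops, insecure, verdict

def audit_all(urls, resolve):
    """Audit several entry points; returns {start_url: (hops, insecure, verdict)}."""
    return {u: audit_chain(u, resolve) for u in urls}

if __name__ == "__main__":
    starts = ["http://shop.example/", "https://news.example/", "https://loop.example/a"]
    for u, (hops, insecure, verdict) in audit_all(starts, SAMPLE.__getitem__).items():
        print(f"{verdict:14} {' -> '.join(hops)}")
        for h in insecure:
            print(f"{'':14} plaintext: {h}")
```

The second constructed chain is the case a user is least likely to notice: it starts and ends on HTTPS, and only the intermediate hop is plaintext.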

Furthermore, a recently introduced local network access permission should help unblock the migration of websites serving mixed content (over both secure and insecure connections) to HTTPS, as it will allow websites to bypass the mixed content checks once enabled.

Prior to turning the ‘Always Use Secure Connections’ setting on by default in Chrome 154, Google will enable it in April 2026, in Chrome 147, for users who opted in to Enhanced Safe Browsing protections in Chrome.

To completely disable the warnings for HTTP sites, users will simply have to disable the ‘Always Use Secure Connections’ setting.

This article was published by Security Week. Please check their website for the original content.
