Copyright forbes
Chrome security update confirmed — in 12 months. Anadolu Agency via Getty Images There are more than 3 billion users of the Google Chrome web browser, and if you discount the 400,000 who use it on their iPhone, every single one will be more than used to security updates. With two emergency updates for zero-day vulnerabilities within the space of just one single week, the stakes have been upped recently. The good news is that Google continues to improve the security of Chrome, and not just in terms of vulnerability detection and patching as exampled by the development of the Big Sleep AI tool, but also with other defensive evolutions. Google has today confirmed one such security update which will impact billions of users. That upgrade will drop in October. The bad news is that it is October 2026. ForbesGmail Passwords Confirmed Within 183 Million Account Infostealer LeakBy Davey Winder Google Confirms HTTPS By Default For Chrome 154 “One year from now, with the release of Chrome 154 in October 2026, we will change the default settings of Chrome to enable “Always Use Secure Connections,” Google has now officially confirmed. What does this mean for the billions of people who sue the Chrome web browser as their daily driver? Simply this, as from the release of Chrome 154, the browser will ask for their permission before any access is enabled to any public site that has not adopted the HTTPS protocol. The what now? OK, back to basics: the Hypertext Transfer Protocol is the HTTP bit you see in the web address bar when you enter a web address URL. It’s the protocol that allows the client, that’s you, or rather your web browser, to request information from a web server, the site you are connecting to, and deliver it to you across the ether. It’s how the web works. Well, how it works insecurely, that is, because without the use of the updated Hypertext Transfer Protocol Secure protocol, shown by the use of https at the front of the URL, the communication between client and server, browser and site, is not secure. The encrypted HTTPS connection enables a secure transfer of data between the two in transit. Which doesn’t mean you can just click on anything, as hackers, cybercriminals, and fraudsters can use HTTPS connections just as easily as the next person. However, as Google said, “When links don't use HTTPS, an attacker can hijack the navigation and force Chrome users to load arbitrary, attacker-controlled resources, and expose the user to malware, targeted exploitation, or social engineering attacks.” MORE FOR YOU ForbesPayPal Users Warned ‘Do Not Pay, Do Not Phone’ As Attackers StrikeBy Davey Winder Get Ahead Of The Google Timetable And Change This Chrome Setting Now The main problem that Google is addressing, it would seem, is that HTTP connections are invisible to the user, with many sites automatically and immediately redirecting to a HTTPS alternative. Which is a good thing, but it does mean that Chrome doesn’t get a chance to display a not secure message warning to the user. “To address this risk, we launched the ‘Always Use Secure Connections’ setting in 2022 as an opt-in option,” Google said, adding that Chrome 154 will enable this by default. Enable always use secure Chrome connections now. Davey Winder The implication is as evident as it is essential for your security: you can either wait 12 months and remain relatively insecure for the duration, or go change that setting now. I trust you know what to do: Head for Google Chrome|Settings|Privacy and Security|Security now… ForbesAct Now — Microsoft Issues Emergency Windows Update As Attacks BeginBy Davey Winder Editorial StandardsReprints & Permissions
