Chrome is blocking downloads? Here is why! - gHacks Tech News

ADVERTISEMENT

Chrome is blocking downloads? Here is why!

If you have upgraded the Google Chrome browser to version 86, released on October 6, 2020, you may have noticed that some file downloads don't work anymore in the browser. You click on the download link and nothing happens. Chrome does not display a notification and there is virtually no information that explains what is happening, or not happening in this case. A check of the downloads page of the browser does not even list the file.

The fact that nothing happens can be confusing to users, as the expectation is that the download should begin after clicking on the link.

Google announced in early 2020 that it will block content that is served via the insecure HTTP if the originating page uses HTTPS. The company decided to roll out the feature gradually by adding more and more file types to the blocklist. Executable files, e.g. .exe or .bat, are the first file types to be blocked, and the release of Chrome 86 put that block in place. Future versions of Chrome will block non-executable file types such as PDF, ZIP, or JPG files.

There is only one option to find out if a download is blocked in Chrome, or if it is an unrelated problem, e.g. a server issue.

  1. Select Menu > More Tools > Developer Tools.
  2. Switch to Console in the Developer Tools interface.
  3. Chrome displays a red "Mixed Content" warning for downloads that it blocks. It displays "The site at HTTPS* was loaded over a secure connection, but the file at HTTP* was redirected through an insecure connection. This file should be served over HTTPS. This download has been blocked.

Below is a screenshot of such a message.

chrome blocked downloads

Now that it is clear what happened, it is essential to understand what your options are to download the file.

Right now, the easiest option available is to right-click on the download link and select "save link as". The download is executed when you do that.

Note that some download links, e.g. those powered by JavaScript, won't work with the right-click bypass.

There are other options, and it is possible that Google is blocking downloads via right-clicks as well in the future:

  1. Use a different browser for downloads. Most browsers will follow Google's implementation however and block insecure downloads. For now, a browser like Firefox, Internet Explorer, Brave, Vivaldi, the new Edge, or Opera all allow the download.
  2. Use a download manager. A program like Internet Download Manager, uGet, or Xtreme Download Manager will continue to download files from HTTP sources. Whether the plugins or extensions will pick up the download is another question though, as a blocked download may not be picked up anymore, but right-clicking, saving the URL and pasting it manually in the download manager should work regardless of the browser's blocking settings.

Closing Words

The blocked file types implementation lacks clarity and information. Users who don't know about the Developer Tools won't know why  a file cannot be downloaded in Chrome. The right-click bypass may work for now, but it is not clear that it does and many users may not identify it as the sole option in Chrome to download blocked files. A clear warning, with the option to override, should be displayed instead, as users should be in control of the browser and not the other way around.

Now You: Blocking file downloads without notification, good thing to protect users or user unfriendly behavior?

Summary
Chrome is blocking downloads? Here is why!
Article Name
Chrome is blocking downloads? Here is why!
Description
Find out why some downloads are blocked in the Google Chrome web browser, how to find out why they are blocked, and what you can do about it.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: »

Comments

  1. Anonymous said on October 8, 2020 at 6:14 am
    Reply

    I can’t help thinking that this level of ‘end user protection’ security may help Firefox get a little more traction.
    Why is the computer industry focused on making ‘bottom-feeders’ safe online. Surely everyone needs to learn how to check their downloads for malware no matter whether the source is download via Chrome, Firefox, mail attachment or some other source! “We protect your online safety”. Pigs … they do. The best they do is create a false sense of security.

    1. Steve said on October 8, 2020 at 7:29 am
      Reply

      I’m quite sure ransomware / malware actors can do https for their fake pages and infected downloads. I guess what Google intents to do here is a mix of security and privacy improvement. In other words, not downloading stuff that can be seen or change during transit.

    2. Jim Vanderbilt said on October 8, 2020 at 9:07 am
      Reply

      “Surely everyone needs to learn how to check their downloads for malware”.
      In 2019, there were an estimated 2.6 billion users using Chrome as their browser. You are volunteering to teach the 2.5999 billion ones who “need to learn” ?
      Is it really bottom-feeder vs. normal user ?
      Or normal user vs. geek ?

      1. Mystique said on October 8, 2020 at 1:50 pm
        Reply

        Just because idiots have shifted the line doesn’t mean people are geeks. I don’t even consider myself a geek by your terms because there are far more intelligent people out there than me.
        That truth is people have been lulled into this garbage by the likes of schmucks like google which also have an agenda at hand to have a walled garden and total control in similar fashion to apple.
        I would say browsers like firefox have been hijacked by a bunch of morons and its also headed down the baby path of lets pander to every boneheaded moron that usually will call their “friend” or unfortunate family member which happens to be their free on call 24hr techie because they haven’t bothered to learn a single thing in their entire time on the internet… It’s the “I just use the blasted thing” generation followed by the “you need a degree to use these things”.
        I do feel like computers should be accessible but at some point you have to apply yourself to learn how to do things because I tell you what, your brother, son, daughter, friend etc etc that you come to for all of your computer needs will gradually get fed up of you and won’t even want to see you out of fear of being used again and again. It’s not the ignorance but the laid back stupidity and unwillingness to learn is what puts it over the edge. companies like google and apple are a huge part of the enabler problem.

        These are not normal people by any stretch.

      2. Jim Vanderbilt said on October 10, 2020 at 6:11 am
        Reply

        I am a computer scientist.
        Once more: Normal people don’t give a f*** about “http downloads on https pages”.
        And, I know it’s useless, but anyway: Google has no agenda.

      3. Mystique said on October 8, 2020 at 2:01 pm
        Reply

        This is the equivalent of a person refusing to get a valid drivers permit and then demanding that the roads and road rules be changed to accommodate them which is fairly typical these days but doesn’t make it right at all.

        The easiest solution by far is to stop using google for your browsing needs (you would be doing yourself a favor anyway). Just because they foisted their garbage upon you many years ago by bamboozling you to download and install their browser many years ago along with their toolbar does not mean you should continue to use them. There are other similar options such as ungoogled-chromium, brave, vivaldi to name a few that may not have such restrictions in place.

        There is nothing particularly brilliant that makes Google Chrome better than the rest anyway.

        I don’t expect anything I say would resonate with anyone here in particular because the people that should be hearing this wouldn’t be visiting this site anyway because that would imply they are applying themselves to learn something to perhaps even somewhat enhance their web experience and abilities.

        Carry on everyone.
        Have a great day.

      4. Jim Vanderbilt said on October 10, 2020 at 6:23 am
        Reply

        Stop using google only to support insecure downloads ?
        Nobody foisted their garbage upon me and Chrome is no garbage.
        Other options such as ungoogled-chromium, brave, vivaldi may be similar, but what makes Google Chrome better than the rest is that it will be there next year, while your options have the tendency to disappear in the geek+nerd-nirvana.

      5. Anonymous said on October 9, 2020 at 12:11 am
        Reply

        You miss the main point. People need to learn basic precautions. It is not about somebody else doing it for you or teaching you how to do it. You know the risk. You need to learn how to look after yourself.

      6. Mystique said on October 9, 2020 at 9:07 am
        Reply

        I agree with you entirely on that thought. People do need to learn the basic precautions. People do need to learn how to look after themselves but this is the problem, companies like google put us all into a handbasket and force such measures upon us all because of a few bad apples.

        Maybe Google should prompt users upon installation which version to install, the baby, hold your hand version or the normal average user that way they can also implement all the rubbish features such as this on the crayons and finger paints version and all the advanced features that a normal user would expect and more on the targeted version. It’s never going to happen though because Google wants this, they want to have all the control and dictate to people. Mircrosoft are pretty much the same also.

      7. Jim Vanderbilt said on October 10, 2020 at 6:39 am
        Reply

        “Google wants … to have all the control and dictate to people.”
        On the contrary !
        Google invests (together with Apple) the far most money and efforts to find out what their user want.

      8. Jim Vanderbilt said on October 10, 2020 at 6:33 am
        Reply

        I don’t miss the main point.
        You do not decide what people need to learn. People may not know the risk or they may know the risk and do not care.
        “You need to learn how to look after yourself” – I don’t. I worked in IT security for a decade. That’s how I know that most users do not learn basic precautions.

    3. Anonymous said on October 8, 2020 at 10:38 am
      Reply

      The increasingly missing overrides even for advanced users and lack of proper information on what is going on show that the security of what you call “bottom feeders” is not their main concern here.

      For instance mobile Firefox was now released without any way to disable Google download and browsing protection for advanced users. Google gets to know what you download and can track specific sites. They can also block whatever download or site they want and you can’t do anything about it, bottom or top. Pigs indeed.

      1. Mystique said on October 10, 2020 at 9:19 am
        Reply

        Concerning for sure. Let’s just all agree that corporations with no accountability should not be trusted, we should not expect them to have our interests at heart. Mozilla was once a different entity but it has slowly descended to what we have before us now. They are perhaps beyond redemption now because the wheels have been in motion for so long at this point.

  2. Jeff said on October 8, 2020 at 7:35 am
    Reply

    Yeah it happened to me the other day and I was clueless. Thanks for the explanation. Switched to Vivaldi for main browsing. Chrome team is full of jerks forcing behaviors often. No options kept for end users.

  3. Frank said on October 8, 2020 at 7:41 am
    Reply

    Only one sensible option: ditch Chrome. Should do that anyway. Plenty of good alternatives.

    1. Herman Cost said on October 9, 2020 at 6:08 pm
      Reply

      I unistalled it about 18 months ago. Felt food when I did it, and nothing has happened since to change my mind.

  4. Allwynd said on October 8, 2020 at 8:35 am
    Reply

    They should have put a switch button in Settings that allows you to easily turn this off if you know what you’re doing. The fact that you have to disable/enable a flag in about:flags means that they can easily remove the flag and leave you with tied hands and not being able to do anything other than either stick to an old version of Chrome and not update (insecure) or move to another browser.

    I hope other Chromium browsers, at least Vivaldi or Brave don’t follow suit and even 1-2 years from now this is not even an issue for them, but I can see Microsoft doing it with Edge.

    1. Reply said on October 8, 2020 at 9:33 pm
      Reply

      There is a “switch”, it’s here: chrome://settings/content/insecureContent

  5. Jojo said on October 8, 2020 at 8:38 am
    Reply

    Has anyone else noticed that color registration is off in the latest Chrome? For instance, yellow comes out as a yellow-green shade.

  6. Jim Vanderbilt said on October 8, 2020 at 8:44 am
    Reply

    “version 86, released on September 6” – Wrong month ?

    1. Martin Brinkmann said on October 8, 2020 at 10:16 am
      Reply

      Fixed, thanks Jim!

  7. John G. said on October 8, 2020 at 8:51 am
    Reply

    I was unable to listen a stream (online) radio for weeks in Chrome and I didn’t know how to solve the problem. After reading this article I found the solution because it’s the same problem as the described here: stream was http over https web. However, the solution is simple: you should add the entire web to exclusions of secure content. Privacy and security settings > website configuration > security content (at the bottom of all options) > add page to allow (exclusion) = it’s solved. Thank you @Martin for this useful article, it gave me the idea of how to solve my stream radio problem. :]

  8. Jim Vanderbilt said on October 8, 2020 at 8:56 am
    Reply

    “Blocking file downloads without notification” – ANYTHING w/o notification is the worst UI scenario. Every user action has to have some system response, that’s dialog design basics since decades.
    But I’m sure that this will be fixed soon (I would not expect an option to override though).

    1. Reply said on October 8, 2020 at 9:31 pm
      Reply

      > I would not expect an option to override though

      You can override it (allow insecure content) if you go to chrome://settings/content/insecureContent

  9. John G. said on October 8, 2020 at 8:57 am
    Reply

    Other simple solution to solve this issue is in all websites you are visiting:
    Chrome configuration > privacy and security settings > web sites configuration > non secure content > add to allow > https://*
    (It works like a charm, however it seems to be more secure to allow site per site.) Thanks again, @Martin. :]

  10. ilev said on October 8, 2020 at 9:36 am
    Reply

    Just right-click on the file to download and select ‘save as’

  11. John C. said on October 8, 2020 at 9:55 am
    Reply

    Google Chrome: Never used it, and never will. This kind of behavior on the part of Google is not to protect the end user, rather it’s to establish a precedent that will allow censorship of downloads. Just switch to another browser and tell Google to take a hike.

    1. Anonymous said on October 8, 2020 at 10:44 am
      Reply

      “Just switch to another browser and tell Google to take a hike.”

      The problem is that while marketing itself as the independent alternative, Firefox follows closely what Chrome does, so that Google can enforce its policies on Firefox users too. Firefox forks should be used to limit the damage.

      1. Anomagi said on October 8, 2020 at 8:29 pm
        Reply

        “The problem is that while marketing itself as the independent alternative, Firefox follows closely what Chrome does, so that Google can enforce its policies on Firefox users too.”

        Can you provide some examples of Firefox following Chrome closely? I want to know these things so that the next time I talk to a FF fanboy I will bring them up. I only know about the FF android fiasco (extension support and about:config removal).

        “Firefox forks should be used to limit the damage.”

        Can you recommend any good one for a win7 machine? I was thinking of trying Palemoon.

      2. John C. said on October 10, 2020 at 1:05 am
        Reply

        I’ve been using Pale Moon for about a year now. Works great and I can even use legacy Firefox extensions. I have had absolutely no security problems.

      3. Anomagi said on October 9, 2020 at 6:21 am
        Reply

        I am not doubting your claim that Firefox follows closely what Chrome does but can you give a few examples? I would really like to know.

        Also which Firefox fork do you recommend? I am looking for a new browser that is similar to FF for my win7 machine.

  12. Yuliya said on October 8, 2020 at 10:27 am
    Reply

    What if you copy the hotlink and paste it in a new tab? I never encountered this, so I had no need to try it, but I guess it should work.

    1. Allwynd said on October 8, 2020 at 2:24 pm
      Reply

      I’m guessing nothing will happen as it still treats the download as “unsafe”, I already removed Chrome so I don’t feel like downloading again just to check, but that’s my guess.

    2. Reply said on October 8, 2020 at 9:32 pm
      Reply

      Or just go to chrome://settings/content/insecureContent and add an exclusion.

  13. Darthagnon said on October 8, 2020 at 2:51 pm
    Reply

    Anyone know if this affects e.g. Chromium/Ungoogled Chromium?

    It’s making me think of using an outdated browser version… maybe go back to when Chromium had trapezoid tabs, individual tab muting, and no blocked downloads (I know, it’s bad practice; maybe possible to mitigate with uBlock, Sandboxie and no saved passwords, only KeePass?)

  14. Anomagi said on October 8, 2020 at 7:56 pm
    Reply

    ” Firefox follows closely what Chrome does, so that Google can enforce its policies on Firefox users too.”

    Can you give me some examples of this? I want to archive some of the blunders Firefox is doing.

    “Firefox forks should be used to limit the damage.”

    Know any good forks. I was considering trying out PaleMoon.

  15. Ron said on October 9, 2020 at 12:34 am
    Reply

    Garbage like this is why I use Pale Moon. That and the fact I don’t like “Gooble” tracking me.

    1. do_not_touch_pale_goon said on October 9, 2020 at 9:12 am
      Reply

      That garbage from pale goons that keep spinning years old unsecure moozilla code might not track but deliver a nice malware bundled into their pale web browser straight from their compromised windoze servers they cannot secure by themselves.

      1. Ron said on October 9, 2020 at 3:09 pm
        Reply

        You’re probably just a sheep that enjoys being fleeced by “Gooble,” Microsoft, Mozilla, etc,. regurgitating the same uninformed misinformation as others.

  16. Keith S. said on October 9, 2020 at 12:40 am
    Reply

    You should clarify the wording in your article. When you say “The download is executed when you do that.” you REALLY mean to say:

    The file is downloaded when you do that.

    By saying “The download is executed”, it implies that if you are downloading an executable, it will automatically run. That is NOT the case, and an important point to make.

  17. not news said on October 9, 2020 at 1:17 am
    Reply

    Sorry, off-topic: how is WinXP code leak not news here?

  18. Anonymous said on October 9, 2020 at 1:58 am
    Reply

    Chrome keeps getting worse every version. Hopefully other Chromium browsers don’t follow their rubbish.

  19. Richard Steven Hack said on October 9, 2020 at 2:48 am
    Reply

    Chrome is as big a joke as Firefox.

    I went to T-Mobile last night. Tried to refill my Pay-As-You-Go account. Firefox doesn’t even work with T-Mobile – can’t even login. Chrome does allow me to login. But then when I submit my refill, nothing happens. No notification of any kind. Why? Who knows? Then I tried to save the page showing my planned submission. Chrome can’t even use the Linux Save As dialog to show the pages saved previously, although it does save the page as shown by the openSUSE file manager.

    This is ridiculous. Whoever is designing these browsers (and Web sites like T-Mobile) are complete and utter morons. It’s no wonder Firefox is losing users. It’s a miracle that Chrome has any. The morons at Google think they’re superior to everyone because they work at a big corporation. So they can’t be bothered to tell the user why the browser does anything, let alone something unexpected. Design decisions are made by all these browser developers on the basis of “this is our decision, get used to it or go somewhere else.”

    There is a word for that sort of behavior.

    1. John G. said on October 9, 2020 at 6:27 pm
      Reply

      Maybe some problem of non security content? Then this will be useful for you:
      “Other simple solution to solve this issue is in all websites you are visiting:
      Chrome configuration > privacy and security settings > web sites configuration > non secure content > add to allow > https://*
      (It works like a charm, however it seems to be more secure to allow site per site.) Thanks again, @Martin. :]”

    2. Jim Vanderbilt said on October 10, 2020 at 6:53 am
      Reply

      “Whoever is designing these browsers … are complete and utter morons.”
      That is unfair and rude. Those people are experienced professionals trying to create the best product for their employer’s customers.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.