In a phased approach, Chrome plans to block mixed content on secure websites to improve user security. Most browsers already block some mixed content such as scripts and iframes by default. Chrome is amping it up by gradually taking steps to also block images, audio recordings and videos, according to a recent Google Security blog. Preventing mixed content to load will eventually result in HTTPS websites losing their security indicator downgrading the site to HTTP, which alerts visitors that the site is not secure.
Mixed content happens when a website that is secured by HTTPS provides some content over HTTP. For example, the site might load scripts, iframes, images, audio or video over HTTP. Sometimes the insecure content is distributed from a third party. Achieving HTTPS means securing all website content .
The issue with mixed content is that it is vulnerable to an attack. A bad actor could manipulate the insecure content to impart false information or possibly inject malicious code that could harm website users.
Google has announced how it plans to phase in the blocking of all mixed content for Chrome as follows:
In order to provide browser users with the best experience on your website and offer greater security, website owners are encouraged to secure all content including visual and multimedia and ensure that all content comes from secure sources.