Google is taking another big step to make web browsing safer for everyone. Chrome will soon enable the “Always Use Secure Connections” setting by default for all users when they visit public websites. This important change will roll out in October 2026 with Chrome version 154.
Users who have already turned on Chrome’s “Enhanced Safe Browsing” protections will get this feature sooner, in April 2025, when Chrome 147 arrives. With this setting active, Chrome will ask you for permission before connecting to any public website that doesn’t use the more secure HTTPS protocol.
This move continues Google’s long-term effort to secure the web. Back in 2018, Chrome started warning users about insecure HTTP sites. In April 2021, it began automatically trying to connect to HTTPS by default. The company then offered “Always Use Secure Connections” as an optional setting in 2022.
Using HTTP instead of HTTPS creates significant security risks. Attackers can easily hijack these connections, potentially installing malware, tricking users with fake websites, or launching other cyberattacks. The Chrome team explained that such attacks are not just theoretical; criminals use existing software to hijack navigation. Even if many websites now use HTTPS, a single insecure HTTP connection can give attackers a way in. What’s worse, users often don’t even realize they’re on an HTTP connection, as many insecure sites quickly redirect to their HTTPS versions. The “Always Use Secure Connections” feature aims to stop these dangers.
However, HTTP connections still exist for private sites, like local network addresses or company intranets. It’s tough for these private sites to get HTTPS certificates because the same private names can point to different computers across various networks. For instance, many router manufacturers use “192.168.0.1” as a local address to access the router’s settings. Still, browsing private sites over HTTP carries less risk than browsing the public internet, since attacks can only originate within the local network.
