Google company a plan to add new mechanisms to protect against insecure file downloads in Chrome. In Chrome 86, which is scheduled for release on October 26, downloading all kinds of files via links from pages opened via HTTPS will only be possible when uploading files using the HTTPS protocol. It is noted that downloading files without encryption can be used to perform malicious activity through content spoofing during MITM attacks (for example, malware that infects home routers can spoof downloaded applications or intercept confidential documents).
Blocking will be implemented gradually starting with the release of Chrome 82, in which a warning will be issued when trying to insecurely download executable files from links from HTTPS pages. In Chrome 83, blocking will be enabled for executable files, and a warning will be issued for archives. In Chrome 84, archive blocking and a warning will be enabled for documents. In Chrome 85, documents will be blocked, and a warning will be displayed for insecure downloads of images, video, sound, and text, which will begin to be blocked in Chrome 86.
In the more distant future, it is planned to completely remove support for downloading files without using encryption. In releases for Android and iOS, blocking will be implemented with a delay of one release (instead of Chrome 82 - in 83, etc.). In Chrome 81, the option "chrome://flags/#treat-unsafe-downloads-as-active-content" will appear in the settings, which will allow you to enable warnings without waiting for the release of Chrome 82.
Source: opennet.ru