Google has announced that Chrome will soon connect to websites more securely by default. Beginning with Chrome 154, set for release in October 2026, the browser will automatically activate the Always Use Secure Connections feature.
This means Chrome will attempt all website connections over HTTPS and ask for confirmation before visiting any public site that does not support it.
The update reflects Google’s long-term goal of making secure connections the standard across the web.
When sites use only HTTP, attackers can intercept or alter traffic, potentially exposing users to malicious content. Chrome Security noted that such threats remain possible despite widespread HTTPS adoption.
Why Chrome is Making the Shift
Over the past decade, Google’s HTTPS Transparency Report has tracked a steady increase in encrypted browsing.
In 2015, only about 30-45% of Chrome traffic used HTTPS; by 2020, that number had risen to roughly 95-99%. Since then, growth has slowed, leaving a small but persistent portion of traffic still unprotected.
“[Even] a few percentage points of insecure traffic is a lot of navigations,” the Chrome team said.
“Attackers only need one insecure connection [...] to compromise a user.”
To limit unnecessary prompts, Chrome’s implementation will avoid warning users repeatedly about sites they visit often. Instead, the browser will only display alerts for new or rarely visited insecure pages.
How the Rollout Will Work
The change will roll out in two phases. In April 2026, Chrome 147 will turn on the feature for users already enrolled in Enhanced Safe Browsing, which covers more than 1 billion people. By October 2026, Chrome 154 will extend it to all users globally.
The default mode applies only to public websites. Internal addresses, such as local routers, private servers or company intranets, will be exempt from warnings because these typically carry less risk and are harder to secure with HTTPS certificates.
Read more on web security and HTTPS adoption: Volume of HTTPS Phishing Sites Surges 56% Annually
Google’s early experiments showed minimal disruption. Fewer than 3% of navigations triggered a warning, and most users saw fewer than one alert per week.
“While we believe that warning on insecure public sites represents a significant step forward for the security of the web, there is still more work to be done,” the Chrome team said.
“In the future, we hope to work to further reduce barriers to the adoption of HTTPS, especially for local network sites. This work will hopefully enable even more robust HTTP protections down the road.”
Image credit: Mamun_Sheikh / Shutterstock.com