These sites are referred to as “mixed content downloads” and are being targeted by Google with its next Chrome update.
Thankfully for legitimate web developers, these changes won’t be made overnight. Chrome will be staggering the forthcoming changes, which should be fully implemented for Chrome users across the globe by June 2020. To begin, Google will warn users about files being downloaded using HTTP – rather than HTTPS – before actually blocking the downloads entirely.
Starting with Chrome 82 in April 2020, Chrome will caution users about insecure connections when trying to download executable files like .exe and .apk installers – as these will be used to install new apps or updates on the operating system and could do the most damage if compromised.
After that, it will start to warn and block different categories of downloads until a blanket-ban on all downloads using this older, insecure method is in place by Chrome version 86 in October 2020. Meanwhile, Android and iOS will have a month’s delay as those platforms already have some safeguards for insecure downloads in place.