The drive against unsafe Sites by Google goes on. The search engine has now said starting with the Chrome version M86, a warning will be given to users when they try to complete forms on secure (HTTPS) pages that are submitted insecurely.
As we all know, despite a Site being HTTPs, it may have forms that are not. These “mixed forms” pose a risk to users’ security & privacy, claims Google. Information submitted on these forms can be visible to eavesdroppers, allowing malicious parties to read or change sensitive form data.
So here’s what Chrome will be doing to communicate the risks associated with mixed form submission:
- Autofill will be disabled on mixed forms.
Note: On mixed forms with login & password prompts, Chrome’s password manager will continue to work. Chrome’s password manager helps users input unique passwords, & it is safer to use unique passwords even on forms that are submitted insecurely, than to reuse passwords. - When a user begins filling out a mixed form, they will see warning text alerting them that the form is not secure.
- If a user tries to submit a mixed form, they will see a full page warning alerting them of the potential risk & confirming if they’d like to submit anyway.
via: Google blog
