Chrome 86 will warn users about insecure forms on HTTPS pages
Developers at Google continue to add new features to the Chrome browser, including tools to improve the security of user data while browsing the web. One such feature will track so-called “mixed form” submissions, where forms are hosted on secure HTTPS pages that do not use the HTTPS protocol to transmit user input.
Although HTTPS has long been widespread, HTTP content is still present on secure pages. Google is working to remedy this situation by adding a feature to its browser that will warn users if unsafe forms are found on pages. The so-called “mixed forms” threaten the security and privacy of user data. Despite the fact that they can be placed on HTTPS pages, this protocol is not used when transferring user-entered data. Data from such forms can be intercepted by attackers, so Google is fighting this.
Currently, in Chrome, the lock icon in the address bar disappears when the user navigates to a page with “mixed forms”. According to the developers, this is not enough, so in the future, the browser will more actively notify about it. Chrome 86 will disable autocomplete for such forms and display a warning. If the user enters data in such a form and tries to send them, a warning will appear prompting you to cancel the action or agree to the risks.
Google recommends that site developers “completely move forms on their sites to use HTTPS to protect users.” The stable version of Chrome 86, which will include the mentioned feature, should be available to a wide range of users in October this year.
