 |
| If the web form is not secure Chrome browser will notify you |
When users try to submit detailed information via unsafe web forms, Google takes additional steps to protect users' information.
Although HTTPS is widely used today, HTTP content can still be found on secure pages.
HTTPS encrypts your traffic so most of the information you send cannot be heard by third parties.
However, a secure HTTPS site can still contain insecure HTTP forms.
The search giant is trying to prevent this from happening as Chrome is now turning to insecure web forms.
These hybrid forms found on HTTPS sites (not available over HTTPS) threaten user security and privacy.
The information on these forms is visible for eavesdropping so that malicious parties can read or alter sensitive data in the forms.
Chrome is currently removing the lock icon from the hybrid form website's address bar (the icon should indicate that the website's connection is secure).
However, this has shown unclear experience and cannot effectively report the risks associated with providing data in an insecure form.
Starting with version 86, which comes out in October, Chrome offers stricter warnings for dangerous forms.
The autofill feature will be disabled, but the built-in password manager will still provide unique passwords. This is much safer than reusing credentials, according to the company.
The form displays a red warning text below the field: The web form is not secure, so the Autofill feature is disabled so that the page is not automatically filled with potentially sensitive or private information.
The browser also displays a full-page warning to indicate potential risks and give the user the option to cancel. However, you will always see the Submit button.
Encourage website developers to fully migrate their website templates to HTTPS to keep their users safe.
This appears to be part of a plan Google announced last October to block HTTP sub-sources on HTTPS pages in Chrome by default.