Google is working on a new feature to enhance the security and privacy of Chrome users. Starting Chrome v86, users will come across a warning message upon trying to submit data into insecure mixed form fields. According to Google, mixed forms are those that are hosted on HTTPS websites but fail to latch onto HTTPS in your Chrome tab or window. Insecure forms like these are prone to privacy and security risks.
The information you’re about to submit is not secure
In its recent blog post, Google Chrome team wrote:
“Beginning in M86, Chrome will warn users when they try to complete forms on secure (HTTPS) pages that are submitted insecurely. These “mixed forms” (forms on HTTPS sites that do not submit on HTTPS) are a risk to users’ security and privacy.”
Google warns that the data you submit to mixed forms can be visible to eavesdroppers and threat actors who often carry out malicious activities. These forms also allow third-party entities to read or change sensitive form data. To prevent threat actors from misusing sensitive form data, Chrome 86 is set to implement several changes, as follows:
Google will disable the autofill option on mixed forms
Starting Chrome v86, Google will disable the autofill option on Mixed forms. However, it won’t affect your login credentials. Google says Chrome’s built-in password manager will continue to work on mixed forms with login and password prompts. As a precautionary measure, Chrome users will also see a warning that the form is not secure:
“This form is not secure. Autofill has been turned off.”
Furthermore, in case Chrome users still try to submit a mixed form, they will see a full-page warning:
“The information you’re about to submit is not secure. Because the site is using a connection that’s not completely secure, your information will be visible to others.”
Google is now encouraging developers to fully migrate forms on their website to HTTPS. Before this change, mixed forms could be unlocked from the address bar to proceed. But Google says users found that experience unclear. Hence, Chrome is now explicitly warning users to stay away from mixed forms.