Google goes one step further to protect people’s information when they try to submit details through unsafe web forms.
While there is widespread adoption today of HTTPS, HTTP content on secure pages still exists.
HTTPS encrypts your traffic so that most of the information you send cannot be spied on by third parties.
However, secure HTTPS sites can still contain unsafe HTTP forms.
And the search giant is trying to eliminate it, where Directs Chrome browser now turns its attention to unsafe web forms.
These hybrid forms – forms found on HTTPS sites that are not provided over HTTPS – pose a threat to users’ security and privacy.
The information provided in these forms can be visible to the eavesdropper, allowing malicious parties to read or change sensitive form data.
Chrome is currently removing the padlock symbol – which should indicate that the site’s connection to the site is safe – the address bar from mixed-pattern sites.
However, this has been shown to present an unclear experience, and does not effectively convey the risks associated with presenting data in unsafe forms.
Starting with version 86, which is due to arrive in October, Chrome will provide a stricter warning about unsafe forms.
Autofill will be disabled, but the built-in password manager will continue to provide unique passwords, and the company says it’s more secure than reusing login data.
The form displays a red warning text below the field that says: This web form is not secure, so Autofill has been turned off, so the page is not automatically populated with potentially sensitive or private information.
The browser also displays a full-page warning to report potential risks, and gives users an option to cancel the action, but there will be a “Submit Anyway” button.
Website developers are encouraged to transfer the templates on their site to HTTPS entirely, to protect their users.
This appears to be part of a plan announced by Google in October to block HTTP sub-sources on HTTPS pages by default in Chrome.