Security News > 2020 > August > Chrome 86 will prominently warn about insecure forms on secure pages

Chrome 86 will prominently warn about insecure forms on secure pages
2020-08-18 09:37

Entering information into and submitting it through insecure online forms will come with very explicit warnings in the upcoming Chrome 86, Google has announced.

"Before M86, mixed forms were only marked by removing the lock icon from the address bar. We saw that users found this experience unclear and it did not effectively communicate the risks associated with submitting data in insecure forms," Shweta Panditrao, a software engineer with the Chrome Security Team, explained.

Google is also planning to disable the autofill feature of the browser's password manager on all mixed forms except login forms.

"Chrome's password manager helps users input unique passwords, and it is safer to use unique passwords even on forms that are submitted insecurely, than to reuse passwords," Panditrao explained the rationale for that exception.

Simultaneously, Google encouraged developers to fully migrate forms on their site to HTTPS to protect their users.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/LF0PqZuerjc/