Security News > 2020 > December > Google Chrome disables insecure form warnings after complaints
Google has disabled a feature that displays a warning when submitting insecure forms after receiving many complaints from users and website administrators.
Google has been focusing on removing mixed-content in Google Chrome, when a secure page loads content from an insecure URL. As part of this initiative, Google rolled out a new feature in Chrome 86 that warns users when submitting insecure forms from a secure page to an insecure URL. Submitting an insecure form would display a warning about the risks of doing so and asks the user if they wish to continue submitting the information.
The problem is that Google Chrome would show the insecure form warning even if the form submissions were secure, but the user was redirected to an HTTP URL after submitting the form.
A form submission flow of HTTPS Form > HTTPS URL > Redirect to HTTP URL would generate a warning in Chrome, even though the form was submitted securely.
Chrome users say that this is a bug as the form submissions are secure, and only the redirect went to an HTTP URL. On December 15th, Google software engineer Carlos Joan Rafael Ibarra Lopez stated that they are disabling the feature in Chrome 87 to adjust it, so HTTP redirects after a secure form submission do not generate a warning.
News URL
Related news
- Google Chrome gets a mind of its own for some security fixes (source)
- Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense (source)
- New Google Chrome feature will translate complex pages in real time (source)
- New Octo Android malware version impersonates NordVPN, Google Chrome (source)
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)
- Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation (source)
- Google increases Chrome bug bounty rewards up to $250,000 (source)