Google has said that an upcoming version of its Chrome browser will people if they go to complete a web form that would be submitted insecurely.
In a blog post Google detailed the change that will be made to the upcoming M86 build of Chrome that addresses the security vulnerabilities of ‘mixed forms’, where secure HTTPS pages have text field forms that are not submitted on HTTPS.
The browser will alert users with a red-lettered warning: ‘This form is not sure. Autofill has been turned off.’
Previously such forms were only marked by removing the lock icon from the address bar, a change deemed too subtle to notify the majority of users to the potential security risks.
It’s designed to stop people from unwittingly typing in sensitive information into text fields that when sent are insecure. Even if a website is HTTPS certified, the forms can sometimes be separate to that, meaning sensitive data could be intercepted even if the intended recipient is legitimate and trusted.
Users will still be able to submit information in these flagged forms, though Chrome will display an ‘are you sure?’ style warning message.
Google said that on these ‘mixed forms’ that Chrome’s password manager would still work.