The browser will alert users with a red-lettered warning: ‘This form is not sure. Autofill has been turned off.’
Previously such forms were only marked by removing the lock icon from the address bar, a change deemed too subtle to notify the majority of users to the potential security risks.
It’s designed to stop people from unwittingly typing in sensitive information into text fields that when sent are insecure. Even if a website is HTTPS certified, the forms can sometimes be separate to that, meaning sensitive data could be intercepted even if the intended recipient is legitimate and trusted.
Users will still be able to submit information in these flagged forms, though Chrome will display an ‘are you sure?’ style warning message.
Google said that on these ‘mixed forms’ that Chrome’s password manager would still work.