Starting with version 86, Google Chrome will warn users who fill out unsafe forms , i.e. those who transmit information using an HTTP connection on HTTPS websites, of possible dangers .
Forms, known as mixed forms , pose a threat to the security and privacy of users as they can allow probable attackers to intercept and read or modify the information entered. The Google Chrome team is planning to make some changes to the browser to improve security in situations where users will have to deal with these unsafe forms.
In Google Chrome 86, the auto-completion of forms not protected by HTTPS connections will be disabled first unless they are fields intended for login. After that a small banner will be shown with a red wording that will alert users of the possible danger.
“ In mixed forms with login and password requests, Chrome’s password manager will continue to work, ” said Shweta Panditrao of the Chrome Security Team . ” Chrome’s password manager helps users enter unique passwords, and it’s safer to use unique passwords even on insecurely submitted forms, rather than reusing passwords .”
In addition, when submitting the information entered, Chrome will show a full screen alert that will ask users for confirmation to submit the form . Better to be sure what you’re doing when it comes to posting (sometimes personal) information on the internet, right?
This is just one of the battles that Google is fighting against unsecured surfing the net. Chrome will always block all mixed content downloads (i.e. downloads provided with HTTP connections from HTTPS sites) starting from version 86 because they are vulnerable to Man in The Middle (MiTM) attacks, a block that has been gradually spreading since the release of Chrome 81 in March of this year.
Additionally, Google announced in October 2019 that it will gradually block the loading of unsafe resources by HTTPS sites . From January of this year, in fact, Google Chrome 80 will automatically update the addresses of the audio and video mixed content to HTTPS, blocking all the contents that cannot be loaded with this type of secure connection. Destiny which also affected images starting with Chrome version 81.
Do you believe that Google is doing enough to improve the experience and safety of internet browsing?