Google is working to improve the protection of Chrome users by alerting them while filling out insecurely distributed forms on protected websites.
Set to be released in Chrome 86, the feature addresses so-called mixed forms (they are found on HTTPS pages submitted over HTTP), which are considered a security and privacy threat to users.
Since data transmission is not carried out over a secure connection, eavesdroppers can see the information introduced by the user in those forms, meaning that malicious actors may read or change the data on the server.
Chrome versions before 86 mark mixed forms by eliminating the Address bar lock icon.
“We saw that users found this experience confusing, and the risks associated with uploading data in insecure forms were not communicated effectively,” explains Shweta Panditrao, Chrome Security Team.
Beginning with Chrome 86, Chrome will show a warning text when the user starts filling out a mixed form, telling them that the form is insecure, says Panditrao.
In addition, if the user attempts to submit a mixed form, a full page warning will be shown by the browser to notify them of the potential risk associated with the operation and to seek clarification that they are willing to submit the details regardless.
Furthermore, the Internet giant announced that the browser would immediately disable autofill as soon as mixed forms are identified in Chrome 86, while Chrome’s password manager will still function on mixed forms with login prompts and password promps.
Chrome 86, Google said last week, will also include an experimental feature which should help counter spoofing URLs.
Some weeks ago , Google revealed an improved Chrome Autofill feature to give users the option to use biometric authentication, such as fingerprints, for faster account sign-in.
Leave a Reply