Security Experts:

Chrome 86 to Alert Users of Insecure Forms

Google is working on improving the security of Chrome users by alerting them when filling out forms on secure pages that are delivered insecurely.

Set to be introduced in Chrome 86, the feature targets the so-called mixed forms (they are found on HTTPS pages that submit over HTTP), which are considered a risk to users’ security and privacy.

Because the data transmission is not performed over a secure connection, the information introduced by the user in those forms is visible to eavesdroppers, meaning that malicious actors can read or change the form data.

Chrome versions prior to 86 mark mixed forms by removing the lock icon from the address bar.

“We saw that users found this experience unclear and it did not effectively communicate the risks associated with submitting data in insecure forms,” Shweta Panditrao, Chrome Security Team, explains.

Starting with Chrome 86, when the user starts filling out a mixed form, Chrome will display a warning text, informing them that the form is insecure, Panditrao says.

Furthermore, when the user attempts to submit a mixed form, the browser will display a full page alert, so as to warn them of the potential risk associated with the operation, and to request confirmation that they are willing to submit the information anyway.

Additionally, the Internet giant announced that, as soon as mixed forms are detected in Chrome 86, the browser will automatically disable autofill, although Chrome’s password manager will still work on mixed forms with login and password prompts.

Chrome 86, Google said last week, will also include an experimental feature that should help in the fight against URL spoofing.

Several weeks ago, Google announced an updated Autofill feature in Chrome, to provide users with the option to use biometric authentication, such as a fingerprints, for faster sign-in into accounts.

Related: Google Awards $10,000 for Remote Code Execution Vulnerability in Chrome

Related: Google to Run Experiment in Fight Against URL Spoofing in Chrome

Related: Autofill Through Biometric Authentication Coming to Chrome

Related: Chrome 84 Brings 38 Security Patches, Resumes CSRF Protection Rollout

view counter