Google is working on improving the security of Chrome users by alerting them when filling out forms on secure pages that are delivered insecurely.
Set to be introduced in Chrome 86, the feature targets the so-called mixed forms (they are found on HTTPS pages that submit over HTTP), which are considered a risk to users’ security and privacy.
Because the data transmission is not performed over a secure connection, the information introduced by the user in those forms is visible to eavesdroppers, meaning that malicious actors can read or change the form data.
Chrome versions prior to 86 mark mixed forms by removing the lock icon from the address bar.
“We saw that users found this experience unclear and it did not effectively communicate the risks associated with submitting data in insecure forms,” Shweta Panditrao, Chrome Security Team, explains.
Starting with Chrome 86, when the user starts filling out a mixed form, Chrome will display a warning text, informing them that the form is insecure, Panditrao says.
Furthermore, when the user attempts to submit a mixed form, the browser will display a full page alert, so as to warn them of the potential risk associated with the operation, and to request confirmation that they are willing to submit the information anyway.
Additionally, the Internet giant announced that, as soon as mixed forms are detected in Chrome 86, the browser will automatically disable autofill, although Chrome’s password manager will still work on mixed forms with login and password prompts.
Chrome 86, Google said last week, will also include an experimental feature that should help in the fight against URL spoofing.
Several weeks ago, Google announced an updated Autofill feature in Chrome, to provide users with the option to use biometric authentication, such as a fingerprints, for faster sign-in into accounts.
Related: Google Awards $10,000 for Remote Code Execution Vulnerability in Chrome
Related: Google to Run Experiment in Fight Against URL Spoofing in Chrome
Related: Autofill Through Biometric Authentication Coming to Chrome
Related: Chrome 84 Brings 38 Security Patches, Resumes CSRF Protection Rollout
More from Ionut Arghire
- Critical Vulnerability Impacts Over 120 Lexmark Printers
- BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws
- Microsoft Urges Customers to Patch Exchange Servers
- Iranian APT Leaks Data From Saudi Arabia Government Under New Persona
- 820k Impacted by Data Breach at Zacks Investment Research
- US Government Agencies Warn of Malicious Use of Remote Management Software
- Chinese Hackers Adopting Open Source ‘SparkRAT’ Tool
- CISA Provides Resources for Securing K-12 Education System
Latest News
- Critical Vulnerability Impacts Over 120 Lexmark Printers
- BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- Microsoft Urges Customers to Patch Exchange Servers
- Iranian APT Leaks Data From Saudi Arabia Government Under New Persona
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Cyberattacks Target Websites of German Airports, Admin
- US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’
