Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Chrome 86 to Alert Users of Insecure Forms

Google is working on improving the security of Chrome users by alerting them when filling out forms on secure pages that are delivered insecurely.

Set to be introduced in Chrome 86, the feature targets the so-called mixed forms (they are found on HTTPS pages that submit over HTTP), which are considered a risk to users’ security and privacy.

Google is working on improving the security of Chrome users by alerting them when filling out forms on secure pages that are delivered insecurely.

Set to be introduced in Chrome 86, the feature targets the so-called mixed forms (they are found on HTTPS pages that submit over HTTP), which are considered a risk to users’ security and privacy.

Because the data transmission is not performed over a secure connection, the information introduced by the user in those forms is visible to eavesdroppers, meaning that malicious actors can read or change the form data.

Chrome versions prior to 86 mark mixed forms by removing the lock icon from the address bar.

“We saw that users found this experience unclear and it did not effectively communicate the risks associated with submitting data in insecure forms,” Shweta Panditrao, Chrome Security Team, explains.

Starting with Chrome 86, when the user starts filling out a mixed form, Chrome will display a warning text, informing them that the form is insecure, Panditrao says.

Furthermore, when the user attempts to submit a mixed form, the browser will display a full page alert, so as to warn them of the potential risk associated with the operation, and to request confirmation that they are willing to submit the information anyway.

Additionally, the Internet giant announced that, as soon as mixed forms are detected in Chrome 86, the browser will automatically disable autofill, although Chrome’s password manager will still work on mixed forms with login and password prompts.

Advertisement. Scroll to continue reading.

Chrome 86, Google said last week, will also include an experimental feature that should help in the fight against URL spoofing.

Several weeks ago, Google announced an updated Autofill feature in Chrome, to provide users with the option to use biometric authentication, such as a fingerprints, for faster sign-in into accounts.

Related: Google Awards $10,000 for Remote Code Execution Vulnerability in Chrome

Related: Google to Run Experiment in Fight Against URL Spoofing in Chrome

Related: Autofill Through Biometric Authentication Coming to Chrome

Related: Chrome 84 Brings 38 Security Patches, Resumes CSRF Protection Rollout

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Checkmarx has appointed Scott Gainey as Chief Marketing Officer.

Jason Hogg has been named Executive Chairman of CYPFER.

HUB Cyber Security has appointed former PayPal and American Express executive Paul Parisi as its Global Chief Revenue Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.