Protection from eavesdroppers coming soon
Even if the page itself uses a secure https connection and has the padlock icon in the address bar to prove it, it’s still possible that forms on the page could use unencrypted http. That means there’s a risk that data entered into those forms could be intercepted before it reaches the intended server, allowing it to be read or changed
Google is planning an update for Chrome that will warn you if a secure webpage contains an insecure form.
As 9to5Google reports, when you begin typing in one of these ‘mixed forms’ following the update, Chrome will warn you about the problem with a large pop-up. The browser will also disable auto-fill to minimize the possibility of you sending sensitive information like your name, address or payment details without realizing the risk.
You will receive another warning if you attempt to submit the mixed form, though the browser won’t prevent you from doing so if you choose to go ahead.
In a post on its Chromium Blog, Google explains that Chrome’s password manager will continue to work on mixed forms.
“Chrome’s password manager helps users input unique passwords, and it is safer to use unique passwords even on forms that are submitted insecurely, than to reuse passwords,” it said.
The new warning system is due to arrive with Chrome 86, which is expected to roll out on October 6.
Until then, to avoid accidentally entering data into an insecure form, double-check for the lock icon in the address bar. Even if the URL begins ‘https://’, a missing padlock icon means the form is mixed.