Google Chrome will now warn users about insecure forms

Generally, with every major browser update there comes a tightening of security measures, and rightly so. Google Chrome 86 is no exception. The newest version of the Chrome browser is set for release on October 6th, 2020, and will have a promising new feature — protecting users from dodgy text boxes. 

Moving forward, if Chrome doesn’t trust a text box or form, it will disable autofill and display an explicit text warning informing users that it isn’t secure.   

What makes certain text forms and boxes insecure?

An insecure text box can be due to the issue of “mixed content”. It’s a common enough problem that we discuss at more length in this blog post. The long and short of it is, even when you install an SSL certificate on your site, there still might be some site elements that load via an HTTP connection rather than an encrypted HTTPS connection. There can be genuine reasons for this, for example, if you have scripts, images, or, yes, forms, that aren’t hosted on your website server, but linked from a different site entirely.

Even if the mixed content on your site isn’t malicious and simply due to a lack of awareness, browsers will consider it untrustworthy. These days, anything less than an HTTPS connection is not to be trusted. And this is particularly pertinent when it comes to forms. After all, if you submit personal data over a form that isn’t encrypted, while your data is in transit it will be visible to anyone able to intercept the connection. Malicious parties can even change sensitive form data. Not good.
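To check your own pages for this, here is an added example (not from the original post or from Chrome itself): a Python script that parses a page's HTML and reports forms that would submit over plain HTTP, plus scripts, images and iframes loaded over HTTP. The page URL, the sample HTML, and the names `MixedContentAudit` and `audit` are constructed for illustration; it assumes a form counts as insecure when its `action` (or a control's `formaction`) resolves to an `http://` URL on a page served over HTTPS.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose src attribute pulls in a subresource (a subset chosen for this example).
SUBRESOURCE_TAGS = {"script", "img", "iframe"}


class MixedContentAudit(HTMLParser):
    """Collect forms and subresources that an HTTPS page would reach over plain HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # tuples of (kind, tag, resolved_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # A missing or empty action submits to the page's own URL.
            self._check("insecure-form", tag, attrs.get("action") or "")
        elif tag in ("button", "input") and attrs.get("formaction"):
            # formaction on a submit control overrides the form's action.
            self._check("insecure-form", tag, attrs["formaction"])
        elif tag in SUBRESOURCE_TAGS and attrs.get("src"):
            self._check("mixed-content", tag, attrs["src"])

    def _check(self, kind, tag, raw_url):
        # Resolve relative and protocol-relative URLs against the page URL.
        resolved = urljoin(self.page_url, raw_url.strip())
        if urlsplit(resolved).scheme == "http":
            self.findings.append((kind, tag, resolved))


def audit(page_url, html):
    """Return findings for a page served over HTTPS; HTTP pages are out of scope."""
    if urlsplit(page_url).scheme != "https":
        return []
    parser = MixedContentAudit(page_url)
    parser.feed(html)
    return parser.findings


# Constructed sample page; example.com and example.net are placeholder hosts.
SAMPLE = """
<form action="http://forms.example.net/subscribe"><input name="email"></form>
<form action="/login"><input name="user"><input type="password" name="pw"></form>
<form action="//example.com/search"><input name="q"></form>
<img src="http://cdn.example.net/logo.png">
<script src="https://cdn.example.net/app.js"></script>
"""
```

Calling `audit("https://example.com/contact", SAMPLE)` flags only the first form and the image; the relative and protocol-relative actions inherit HTTPS from the page and pass.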

So what’s actually changing?

Currently, if a website has an insecure form or text box, Chrome will just remove the lock icon from the address bar as a warning. According to a Chromium blog post addressing the upcoming change, users understandably find this warning unclear, and think that it doesn’t effectively communicate the risks of submitting their data on such forms. Moving forward, Chrome will more clearly communicate the risks.

As we mentioned earlier, Chrome will disable autofill on suspect forms. This is how it will look in action:

If a user decides to move forward and fill out the form anyway, they will receive another warning before they are able to submit it. That warning will look like this:

Wrap Up

This welcome update to Google Chrome is sure to help users make more informed decisions on sites with insecure forms. If you’re looking to fix insecure or mixed content on your own website, check out the blog post we mentioned earlier or read this Knowledgebase article.
