{"id":1602,"date":"2020-09-09T08:10:10","date_gmt":"2020-09-09T15:10:10","guid":{"rendered":"https:\/\/www.ssls.com\/blog\/?p=1602"},"modified":"2023-09-27T13:08:42","modified_gmt":"2023-09-27T20:08:42","slug":"google-chrome-will-now-warn-users-about-insecure-forms","status":"publish","type":"post","link":"https:\/\/www.ssls.com\/blog\/google-chrome-will-now-warn-users-about-insecure-forms\/","title":{"rendered":"Google Chrome will now warn users about insecure forms"},"content":{"rendered":"\n
\"\"<\/figure>\n\n\n\n

Generally, with every major browser update there comes a tightening of security<\/a> measures, and rightly so. Google Chrome 86 is no exception. The newest version of the Chrome browser is set for release on October 6th, 2020, and will have a promising new feature \u2014 protecting users from dodgy text boxes. 
<\/p>\n\n\n\n\n\n\n\n

Moving forward, if Chrome doesn\u2019t trust a text box or form, it will disable autofill and display an explicit text warning informing users that it isn\u2019t secure.   <\/p>\n\n\n\n

What makes certain text forms and boxes insecure?<\/h2>\n\n\n\n

An insecure text box can be due to the issue of \u201cmixed content\u201d. It\u2019s a common enough problem that we discuss in more length in this blog post<\/a>. The long and short of it is, even when you install an SSL certificate<\/a> on your site, there still might be some site elements that load via a HTTP connection rather than an encrypted HTTPS connection. There can be genuine reasons for this, for example, if you have scripts, images, or, yes, forms, that aren\u2019t hosted on your website server, but linked from a different site entirely.\u00a0
<\/p>\n\n\n\n

Even if the mixed content on your site isn\u2019t malicious and simply due to a lack of awareness, browsers will consider it untrustworthy. These days, anything less than a HTTPS connection is not to be trusted. And this is particularly pertinent when it comes to forms. After all, if you submit personal data over a form that isn\u2019t encrypted, while your data is in transit it will be visible to anyone who wants to see it. Malicious parties can even change sensitive form data. Not good. <\/p>\n\n\n\n

So what\u2019s actually changing?<\/h2>\n\n\n\n

Currently, if a website has an insecure form or text box, Chrome will just remove the lock icon from the address bar as a warning. According to a Chromium blog post<\/a> addressing the upcoming change, users understandably find this warning unclear, and think that it doesn\u2019t effectively communicate the risks of submitting their data on such forms. Moving forward, Chrome will more clearly communicate the risks.
<\/p>\n\n\n\n

As we mentioned earlier, Chrome will disable autofill on suspect forms. This is how it will look in action:
<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

If a user decides to move forward and fill out the form anyway, they will receive another warning before they are able to submit it. That warning will look like this:
<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

Wrap Up<\/h2>\n\n\n\n

This welcome update to Google Chrome is sure to help users make more informed decisions on sites with insecure forms. If you\u2019re looking to fix insecure or mixed content on your own website, check out the blog post<\/a> we mentioned earlier or read this Knowledgebase article<\/a>. \n\n<\/p>\n","protected":false},"excerpt":{"rendered":"

Generally, with every major browser update there comes a tightening of security measures, and rightly so. Google Chrome 86 is no exception. The newest version of the Chrome browser is set for release on October 6th, 2020, and will have a promising new feature \u2014 protecting users from dodgy text boxes. <\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1602","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/1602","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/comments?post=1602"}],"version-history":[{"count":4,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/1602\/revisions"}],"predecessor-version":[{"id":2660,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/1602\/revisions\/2660"}],"wp:attachment":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/media?parent=1602"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/categories?post=1602"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/tags?post=1602"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}