Google Chome will stop you typing bank details into shoddy sites

[aum]

Protection from eavesdroppers coming soon

 

Even if the page itself uses a secure https connection and has the padlock icon in the address bar to prove it, it’s still possible that forms on the page could use unencrypted http. That means there’s a risk that data entered into those forms could be intercepted before it reaches the intended server, allowing it to be read or changed

 

Google is planning an update for Chrome that will warn you if a secure webpage contains an insecure form.

 

As 9to5Google reports, when you begin typing in one of these ‘mixed forms’ following the update, Chrome will warn you about the problem with a large pop-up. The browser will also disable auto-fill to minimize the possibility of you sending sensitive information like your name, address or payment details without realizing the risk.

 

You will receive another warning if you attempt to submit the mixed form, though the browser won’t prevent you from doing so if you choose to go ahead.

Mixed messages

In a post on its Chromium Blog, Google explains that Chrome’s password manager will continue to work on mixed forms.

 

“Chrome’s  password manager helps users input unique passwords, and it is safer to use unique passwords even on forms that are submitted insecurely, than to reuse passwords,” it said.

 

The new warning system is due to arrive with Chrome 86, which is expected to roll out on October 6.

 

Until then, to avoid accidentally entering data into an insecure form, double-check for the lock icon in the address bar. Even if the URL begins ‘https://’, a missing padlock icon means the form is mixed.

 

Source

[Karlston]

Google introduces insecure form warnings in Chrome 86 Stable

Many Internet sites rely on functionality that uses forms in one form or another. Here on Ghacks, we use forms in the comment section, but sites may use forms for a variety of purposes including bank transfer information, credit card data, a personal message to the webmaster, or to add comments to a file upload.

 

One of the main issues with forms is that it may not be clear right away if the data that is submitted is encrypted or not. Advanced users may check the site's code to check out the form, but the majority of users probably does not know how to do that.

 

Google plans to introduce insecure form warnings in the company's Chrome web browser in the near future. Starting in Chrome 86, the browser will warn users if a form is not secure. Additionally, it will also disable autofill on these forms automatically.

 

The company notes that insecure forms "are a risk to users' security and privacy", and explains that the information that is entered into insecure forms "can be visible to eavesdroppers" and that the data can be read or even changed.

via Google

Google Chrome 86 comes with a layered approach of protection when it comes to insecure forms. The first thing that users may notice is that autofill is disabled; Chrome's password manager and the automatic filling out of username or passwords continues to work though, according to Google. An explanation as to why that is the case has not been provided at the time of writing.

via Google

Chrome users may still fill out forms manually and Chrome will show another warning to alert users that the form is not secure. A click on submit does not submit the form right away; Chrome displays an intermediary page first that contains yet another warning stating that "the information you're about to submit is not secure". Options to go back or to send the form anyway are provided.

 

Google Chrome 86 Stable will be released on October 6, 2020 according to the release schedule. Webmasters who still use insecure forms on their sites are encouraged to change that immediately.

Closing words

Insecure form warnings help users identify a problem that they may be unaware of. It is good that it is still possible to send the form, as there may be no other way at times. The fact that passwords are still autofilled by Chrome is problematic, and it is not clear why Google made the decision to allow the autofilling to happen in that case but not in others considering that passwords are in may cases more important than other form data.

 

 

Google introduces insecure form warnings in Chrome 86 Stable

 

[Karlston]

Moved from Software News.

 

Browser security features fit better here.

[cosy]

This looks like Big Brother" is watching over my shoulders, isn't it?

Why should they decide this for me, in the first place?

[Moist_nugget]

From the title alone, my first thought was that Google is going to go through what people are writing but they are basically giving warnings if the site certificate or HTTPS connection are bad.

 

Then again, Chrome is absolutely collecting every single thing the users are doing 😏 would be funny if they prevented people from typing bullshit in Twitter etc. "The information you are about to publish in this social media platform is completely false and idiotic. We have prevented you from submitting it."