By adding another security feature, Google is trying to prevent unauthorized access to user data when using the Chrome web browser, according to the Chromium Blog post. Starting with the M86 version, which will be released in October, the browser will give the user a much stronger warning when trying to send data through a so-called “mixed form” form – these forms typically contain text input fields on HTTPS pages that are actually sent over an HTTP connection.
The records thus sent, which typically contain sensitive personal information, can be easily obtained by unauthorized persons, and it is no coincidence that one of the foundations of modern phishing attacks is mixed forms, through which the user obtains data on a seemingly secure page. or modified en masse
The October release of Chrome introduces a multi-step warning system when using insecure forms to avoid this. Thus, when a user types text on such a form, a warning message will appear immediately below the text stating that the form is unsafe or that the autofill form has been turned off (Chrome Password Manager will remain active regardless).
If the user submits the contents of the form despite the warning, he receives another warning warning that the data is being transmitted over an insecure channel. The content of the form will then only be actually sent after further confirmation. Chrome has tried to draw attention to insecure forms on HTTPS pages by turning off the HTTPS connection icon in front of the URL, but Google says this has not been clear enough for users.
Gellert is Technology Editor at Counting News Media and contributor at other major tech publications. Her interests includes testing new gadgets and reading.