Quote:Google Chrome will warn users when submitting insecure forms that deliver information via HTTP connections on HTTPS websites starting with version 86.
These forms (also known as mixed forms) are both privacy and security risks for users since they can allow attackers to read or modify the submitted data.
To address this issue, the Chrome team plans to make a number of changes to the way the web browser deals with the risks associated with such insecure forms.
First of all, Google Chrome v86 will automatically disable auto-filling of mixed forms but with an exception when it comes to forms used as login prompts.
Full-page mixed form submission warning (Google)
"On mixed forms with login and password prompts, Chrome’s password manager will continue to work," Chrome Security Team's Shweta Panditrao said.
"Chrome’s password manager helps users input unique passwords, and it is safer to use unique passwords even on forms that are submitted insecurely, than to reuse passwords."
![[Image: Mixed%20form%20submission%20warning.png]](https://www.bleepstatic.com/images/news/u/1109292/2020/Mixed%20form%20submission%20warning.png)
Read more: https://www.bleepingcomputer.com/news/se...ure-forms/
![[-]](https://www.geeks.fyi/images/collapse.png)
