Autofill makes life easy in an internet full of sign-up forms, but some of those forms can be nasty little — well, some of them are quite lengthy — things that can spill private information all over the place. Starting in Chrome 86, Google's browser will prevent users from utilizing Autofill if the form transmit through an unsafe path.
A good lot of sites still submit form information through unsecured paths even though the webpage on which the form itself is hosted might be on HTTPS. Google deems these so-called "mixed forms" a security risk to Chrome users, so it has decided to implement changes with the next milestone release.
Currently, Chrome users were only able to see if a form was mixed by first tapping on the lock icon in the address bar — not exactly the profile this aspect necessarily deserves.
In Chrome 86, though, if a user begins to fill out a mixed form, the Autofill box will not populate with the users' credential profiles and instead indicate that the feature has been turned off. If the user persists with filling the form and submits it, Chrome will pop up a full-page security warning before giving them the choice of aborting or sending.
Chrome's password manager will still work if a user is signing up to a service that requires login credentials and passwords — the thinking here is that users are safer by adopting a suggested unique, strong password than reusing their personal favorites.
Chrome 86 is set for stable release starting October 6.
- Chromium Blog