Google introduces insecure form warnings in Chrome 86 Stable

Martin Brinkmann
Aug 18, 2020
Google Chrome

Many Internet sites rely on functionality that uses forms in one form or another. Here on Ghacks, we use forms in the comment section, but sites may use forms for a variety of purposes including bank transfer information, credit card data, a personal message to the webmaster, or to add comments to a file upload.

One of the main issues with forms is that it may not be clear right away if the data that is submitted is encrypted or not. Advanced users may check the site's code to check out the form, but the majority of users probably does not know how to do that.

Google plans to introduce insecure form warnings in the company's Chrome web browser in the near future. Starting in Chrome 86, the browser will warn users if a form is not secure. Additionally, it will also disable autofill on these forms automatically.

The company notes that insecure forms "are a risk to users' security and privacy", and explains that the information that is entered into insecure forms "can be visible to eavesdroppers" and that the data can be read or even changed.

this form is not secure
via Google

Google Chrome 86 comes with a layered approach of protection when it comes to insecure forms. The first thing that users may notice is that autofill is disabled; Chrome's password manager and the automatic filling out of username or passwords continues to work though, according to Google. An explanation as to why that is the case has not been provided at the time of writing.

chrome insecure form
via Google

Chrome users may still fill out forms manually and Chrome will show another warning to alert users that the form is not secure. A click on submit does not submit the form right away; Chrome displays an intermediary page first that contains yet another warning stating that "the information you're about to submit is not secure". Options to go back or to send the form anyway are provided.

Google Chrome 86 Stable will be released on October 6, 2020 according to the release schedule. Webmasters who still use insecure forms on their sites are encouraged to change that immediately.

Closing words

Insecure form warnings help users identify a problem that they may be unaware of. It is good that it is still possible to send the form, as there may be no other way at times. The fact that passwords are still autofilled by Chrome is problematic, and it is not clear why Google made the decision to allow the autofilling to happen in that case but not in others considering that passwords are in may cases more important than other form data.

Now You: What is your take on Google's decision?

Google introduces insecure form warnings in Chrome 86 Stable
Article Name
Google introduces insecure form warnings in Chrome 86 Stable
Google plans to introduce insecure form warnings in the company's Chrome web browser in Google Chrome 86 which it plans to release in October 2020.
Ghacks Technology News

Previous Post: «
Next Post: «


  1. Tomasz said on December 16, 2020 at 8:00 pm

    Any chance users can white-list our own URLs?

  2. Anonymous said on December 14, 2020 at 3:40 am

    Very annoying.

  3. Maria said on December 9, 2020 at 8:51 pm

    Terrible…can’t even login without this popping up, so it is not really about forms.

  4. netizen said on October 2, 2020 at 2:11 pm

    I run a chat applcation and I’m being forced to put a warning for Chrome M86 users. When they focus the chat input field, Google says them that the form is insecure, no matter what hacks I use to disable autocomplete
    Should I welcome them with a warning that the Chrome message really means that Javascript is insecure in that browser, and that they better downgrade or switch to Firefox?

  5. snow white and the 7 crackheads said on August 19, 2020 at 5:12 am

    Would you trust a mafia with your house and pets? Then why your computer and personal files?

    1. Iron Heart said on August 19, 2020 at 8:02 am

      The choices here are big brother (Google, Microsoft) or big brother’s little brother (Mozilla). Or something sane for a change.

  6. Stv said on August 18, 2020 at 11:45 pm

    They hid (only on hover) in the search results that a site is not using “https://” and then they are complaining about their own results…Pathetic.

    They should show the protocol and punish (pushing down) “http://” sites in the search results for a start.

    Mozilla had this warning already.

  7. Iva Bush said on August 18, 2020 at 6:53 pm

    I fill out tons of online forms regarding environmental/convervation issues but use Roboform to fill them out. I trust it. Wouldn’t use a browser or little extension formfiller. That just doesn’t seem smart compared to a trusted password manager doing it for you.

  8. Zahra Ayat said on August 18, 2020 at 6:35 pm

    Hi Martin.
    do newer firefox, (i mean firefox Quantum), open http websites without warning or any issues?
    can people submit forms, comments, messages etc in these websites without warning, or impossibility and problem?

    1. Martin Brinkmann said on August 18, 2020 at 7:06 pm

      Yes you can access HTTP sites using Firefox.

  9. Anonymous said on August 18, 2020 at 4:33 pm

    This is their game. They profess to invoke something to keep you safe but that means they have to spy on the thing you do. The more safety and convenience they invent the more spying they can perform.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.