Chrome: Google reportedly patching Autofill feature security flaw in upcoming update
The update is slated for October and would alert users if the information they supply on a secure (HTTPS) webpage would be submitted via insecure means.
To improve the user experience for their apps, developers often add new features or tweak existing ones. In the case of Google's Chrome, it has become the go-to browser on almost every platform. However, aside from issues regarding its RAM usage, which has been the subject of controversy among the tech industry, a potential security flaw might finally be resolved. It seems the Autofill feature, which makes it convenient for people when filling out the information in certain fields, could expose sensitive data
Therefore, in a post on the Chromium Blog, Google confirmed that an upcoming version of the Chrome browser will finally fix it. The update is slated for October and would alert users if the information they supply on a secure (HTTPS) webpage would be submitted via insecure means. The developers assured that the password manager option will still function as intended.
The moment the Chrome detects that a mixed form, the browser will alert the user about its insecure nature. Autofill will be automatically disabled but details can still be manually typed in the fields. Before it is submitted, another full-page warning that reads: "The information you're about to submit is not secure," Just below will be another line of text that explains: Because this site is using a connection that's not secure, your information will be visible to others."
"Beginning in M86, Chrome will warn users when they try to complete forms on secure (HTTPS) pages that are submitted insecurely. These 'mixed forms' (forms on HTTPS sites that do not submit on HTTPS) are a risk to users' security and privacy. Information submitted on these forms can be visible to eavesdroppers, allowing malicious parties to read or change sensitive form data," explained Google.
Until the new update is ready to download, users can only spot mixed forms via the address bar. Just before the URL, a secure (HTTPS) website will have a lock icon. If there is none, it means the page or form can likely be exploited by cybercriminals. Google admits that it failed to properly educate Chrome users about the risks involved. Now, it's even encouraging developers to migrate their website's forms to HTTPS.
© Copyright IBTimes 2024. All rights reserved.