Google is making a small but important change in how it presents security-related information about websites when using Chrome. Starting with version 56, now in beta, non-secure sites that transmit passwords or credit card data will include the text “Not secure” next to the icon in the address bar, in an effort to increase user awareness of how secure the websites they visit are.
The goal is to push more website owners into securing their websites using HTTPS.
Currently, insecure sites display an “i” icon which, when clicked, displays a message that says “Your connection to this site is not private” along with information about the cookies received from the site and the permission settings (access to location data, camera, mic, etc. ) for the site. Prior to Chrome 53, secure sites displayed the familiar padlock icon next to the URL, while insecure sites showed no icon at all.
Google recently found that more than half of Chrome desktop page loads are now served over HTTPS, up from around 40 percent in Spring of last year. In its Transparency Report on HTTPS Usage, Google's charts show a healthy rise in pages being loaded over HTTPS between April 2015 and October 2016.
Aside from more prominent warning about non-secure websites, other additions in Chrome 56 include Web Bluetooth support and some new APIs that add functionality to mobile sites. The latest beta build is out now for Windows, OSX and Android via the Canary beta release channel.