Google is making yet another security improvement to the browser. For websites opened via the plain HTTP protocol the Autofill feature will be disabled by default. This may potentially prevent your sensitive data leak.
Each time you enter some credentials for a website, Google Chrome asks you to save them. The next time you open the same web site, your browser will auto-fill the saved credentials.
The same works for other web form data. The browser can remember your name, your surname, addresses, and much more. For individual websites Chrome may remember their unique form data you have previously entered.
Starting in Chrome 86, the browser won't provide the autofill data for forms hosted on websites that open via the unencrypted HTTP. The browser will instead show a red warning text that the form is not secure.
If you submit the form, you will see an extra screen telling that it is risky to send the information.
Google noted, however, that the unique password generator of Chrome's password manager will continue to work on not secure forms. According to the company, a weak password is still worse than the potential risk of traffic captured by a third-party.