Google company
It is noted that currently more than 90% of sites are opened by Chrome users using HTTPS. The presence of inserts loaded without encryption creates security risks through the modification of unprotected content when there is control over the communication channel (for example, when connected via open Wi-Fi). The mixed content indicator is considered ineffective and misleading to the user, as it does not provide an unambiguous assessment of the page's safety.
Currently, the most dangerous types of mixed content, such as scripts and iframes, are already blocked by default, but images, sound files, and videos can still be downloaded from http://. Through image spoofing, an attacker can substitute cookies for tracking user actions, try to exploit vulnerabilities in image processors, or commit fraud by replacing the information presented in the image.
The introduction of blocking is divided into several stages. In Chrome 79, scheduled for December 10, there will be a new setting that will allow you to turn off blocking for specific sites. This setting will apply to mixed content that is already blocked, such as scripts and iframes, and will be invoked through the drop-down menu when clicking on the lock symbol, replacing the previously proposed indicator for disabling blocking.
Chrome 80, which is due February 4, will implement a soft sound and video blocking scheme that automatically replaces http:// with https:// links, which will keep working if the problematic resource is also available via HTTPS. Images will continue to load as is, but when loaded via http:// on https:// pages, an insecure connection indicator will be displayed for the entire page. Site developers can use the upgrade-insecure-requests and block-all-mixed-content CSP properties to autocorrect to https or block images. In the March 81 release of Chrome 17, mixed image uploads will autocorrect http:// to https://.
In addition, Google
To maintain confidentiality, when accessing an external API, only the first two bytes of the hash from the combination of login and password are transmitted (the algorithm is used for hashing
Source: opennet.ru