Back in February, Google announced its plans to label all sites accessed over regular unencrypted HTTP as “not secure,” starting in July. Today, the company described the next change it will make to its browser: in September, Google will stop marking HTTPS sites as secure.
The background to this change is the Web’s gradual migration to the use of HTTPS rather than HTTP.
Most HTTP sites will get a regular gray “Not secure” label in their address bar. If the page has user input, however, that grey label will become red, indicating the particular risk the page represents: Web forms served up over HTTP could send their contents anywhere, making them risky places to type passwords or credit card numbers.