Information
Google Chrome can use a list of origins (URLs) or hostname patterns (such as '*.example.com') for which security restrictions on insecure origins will not apply and are prevented from being labeled as 'Not Secure' in the omnibox.
The recommended state for this setting is: Disabled (0)
Rationale:
Insecure contexts shall always be labeled as insecure.
Impact:
None - This is the default behavior.
Solution
To establish the recommended configuration via Group Policy, set the following UI path to Disabled:
Computer Configuration\Policies\Administrative Templates\Google\Google Chrome\Origins or hostname patterns for which restrictions on
insecure origins should not apply
Note: The UI path defined in the chrome.adml includes a line break between the on and the insecure. In some views, the line break is correctly rendered, in others not.
Default Value:
Unset (Same as Disabled, but user can change)