
Issue 703033

Starred by 2 users

Issue metadata

Status: WontFix
Owner: ----
Closed: Mar 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug-Security

HTTPS redirects to HTTP are followed

Reported by ralph.t...@gmail.com, Mar 20 2017

Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Steps to reproduce the problem:
1. Visit a page like https://cbs.com or https://fox.com or https://msnbc.com or https://cnbc.com
2. Watch the browser follow a redirect to an insecure page.
3. Die a little bit inside.

What is the expected behavior?
At a minimum I expect if I ask for a secure page to be warned if I am being sent to an insecure page.

What went wrong?
There was no warning or interruption to indicate my request for a secure connection was redirected to an insecure connection.

Did this work before? No 

Chrome version: 56.0.2924.87  Channel: stable
OS Version: OS X 10.10.5
Flash Version: Shockwave Flash 25.0 r0

I suggest either refusing to follow redirects from secure to insecure resources or presenting an interstitial display element to notify the user of the transition from a secure to insecure context.
 
Components: UI>Browser>Navigation
Labels: -Restrict-View-SecurityTeam allpublic
Status: WontFix (was: Unconfirmed)
This is, alas, entirely by design. Early internet browsers (e.g. IE2) warned users when they entered and left secure areas, and these prompts were immediately annoying and removed in future browser versions.

HTTPS adoption is growing quickly and it may be practical to introduce some sort of warning when leaving HTTPS pages in a few years, but for now, this is working as intended.

I was actively using every major browser in that time frame and yes, I remember the annoying popups "You are about to leave a secure connection!"

The problem here is that Chromium is eroding the security posture for everyone if an HTTPS link is typed in or pasted and the user ends up in a non-secure environment.  I'm certain the design needs to be revisited given the changes in HTTPS adoption and implementation since IE2.  I wrote a longer essay on the subject here: https://medium.com/@ralphtice/the-impossibility-of-refuting-fake-news-in-mainstream-media-c2485cb72292#.ndhcp9ww8

I understand there are serious user experience ramifications for making any changes to the current flow.  We also have quite serious issues of trust and authenticity.  I originally became aware of this problem because of the AMP project, which more directly exposes whether pages fetched by the Google search engine are secure or not.  The presence of HTTP in the request chain for mainstream media journalism means I have less confidence in both the cached content that Google is serving me as well as the confidence in the content served from the media organizations I described, which a large percentage of the Chromium user base relies on for facts.

By opening this up for change (and please, escalate this as a UX concern rather than a direct security concern if you prefer to have) there is an opportunity to improve the trust in the Google brand and the brands of publishers who rely on Google for ad revenue and the brands of advertisers who purchase ad space on media properties.

Thanks for your time & consideration.

I can imagine such warnings being introduced in more specific circumstances than in early IE, and therefore being less intrusive.

Say I manually type an https: address and it redirects to an http: address. In this situation I'm being explicit about my intent to use a secure connection, and would really like Chrome to tell me if that's not possible.

A broader use might be to warn when navigating from secure to insecure within the same domain. Some websites (I think Amazon is an example) load over HTTPS if explicitly requested but then subsequent internal links go back to HTTP. I'm always upset when this happens.

When navigating between domains, however, e.g. from a secure Google search to an insecure website, I would not expect a warning (this would indeed be annoying). And there was never a suggestion to warn when *entering* a secure area (which I believe early IE did).

Can this be moved from security bug to UI feature request?
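As an added example, not part of the issue thread and not Chromium's own code, the Python below illustrates the two technical points raised above: the redirect behaviour in the report (an https: request answered with a Location header pointing at http:), and the narrower warning rules proposed in the last comment (warn when the downgrade follows an explicitly typed https: address or stays within the same site; stay silent for cross-site navigations and for http: to https: upgrades). The redirect chain, the hostnames and the `www.` stripping in `_site` are constructed assumptions; a browser would compare registrable domains using the public suffix list rather than a prefix strip.

```python
from urllib.parse import urlsplit

# Constructed sample chain (not captured from any real site): each pair is the URL
# that was requested and the Location header returned by that hop.
CONSTRUCTED_CHAIN = [
    ("https://news.example/", "http://www.news.example/"),
    ("http://www.news.example/", "http://www.news.example/index.html"),
]


def _site(url):
    """Normalised host used for the 'same domain' rule. Stripping a leading
    'www.' is a deliberate simplification (assumption); a browser would
    compare registrable domains using the public suffix list."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def is_downgrade(from_url, to_url):
    """True when a hop leaves https: for http:."""
    return urlsplit(from_url).scheme == "https" and urlsplit(to_url).scheme == "http"


def find_downgrades(chain):
    """Return every (from_url, to_url) hop in the chain that downgrades the scheme."""
    return [(src, dst) for src, dst in chain if is_downgrade(src, dst)]


def should_warn(from_url, to_url, user_typed):
    """Warning policy as sketched in the thread: warn when a downgrade follows an
    address the user typed explicitly, or when it stays within the same site;
    cross-site downgrades and https: upgrades never warn."""
    if not is_downgrade(from_url, to_url):
        return False
    if user_typed:
        return True
    return _site(from_url) == _site(to_url)


def audit_chain(chain, user_typed):
    """Walk a chain and report each hop with its verdict. Only the first hop
    can be 'user typed'; every later hop is server-initiated."""
    report = []
    for index, (src, dst) in enumerate(chain):
        typed = user_typed and index == 0
        report.append({
            "from": src,
            "to": dst,
            "downgrade": is_downgrade(src, dst),
            "warn": should_warn(src, dst, typed),
        })
    return report


if __name__ == "__main__":
    # Simulates the report: the user typed an https: address and the first hop downgraded it.
    for hop in audit_chain(CONSTRUCTED_CHAIN, user_typed=True):
        flag = "WARN" if hop["warn"] else "ok  "
        print(f"{flag} {hop['from']} -> {hop['to']}")
```

Running the script prints one line per hop; only the first hop of the constructed chain is flagged, because the second hop is http: to http: and changes nothing about the connection's security. Feeding a cross-site downgrade with `user_typed=False` returns no warning, which is the case the last comment explicitly wants left alone.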