It's all over Al Gore's amazing interwebs:

https://www.techspot.com/news/74698-chrome-remove-ecure-label-https-sites-september.html

@denbesten I humbly disagree. We should never assume that the internet is safe and Google taking that position is only showing their naiveté in understanding threats. Something we all were supposed to learn in CISSP. 

I don't think that anyone believes the Internet (as a whole) to be a safe place.  This is more about effectively communicating the relative security posture and risk of the site being visited.

Studies (Usenix,  Harvard/MIT, CMU) have backed up the theory that passive security indicators are not effective.  Fixing this requires being more "in your face" about exceptional concerns and avoiding crying wolf about the routine.

The original reference was lopsided in that it only mentioned what the Chrome overlords were taking away and ignored what was being added. Plenty of other sites (1, 2, 3, 4) have presented a more comprehensive picture of the happenings. Notably, In addition to removing  from HTTPS web sites, they will be adding  to HTTP web sites and  to sites that have suspicious indicators (e.g. bad certificate or entering a password over HTML).

Effectively, they are changing the default to warn about bad instead of praising what should be the norm.

Sadly, I'm slammed at work with a big project and my personal life is ridiculous right now with anniversaries (35 for my wife and I), b-days out the wazzo and recent engagement by one of my offspring-busy.  I don't have the time to even scan these articles let alone really put some thought and effort into them since you did the same. Thank you for doing that.

In any case, thanks for raising the question (well, comment).  It inspired me to take a moment to write down what I had figured out so that others can (hopefully) benefit from it.  Like you, my initial response was WTF.  It wasn't until I dug into it that things started to make sense.

I'm sure that the tables will be turned in a few months and I will be the one slammed.  Hopefully, I too will be able to lean on the community when that happens.

The WS at my customer location updated with the latest version of Chrome.  I'm a Firefox fan myself so I only use Chrome to follow their shenanigans.  I'd say 50% of the sites I visited using Chrome I got the "Not Secure" message, including some famous tech blogs!   I also use Chrome because it handles 2FA better then FF.

I use Chrome Incognito and they are HTTP sites that I go to.  Ding #1.

The site could have a form somewhere* that Chrome/Incognito throws up about. Ding #2.

*Really? What if the site doesn't go to HTTPS until you authenticate in? 

So I contacted the webmasters for these sites.  I showed them the write-up you get if you press F12 and click on the caution icon.  You get sent to a Google blog detailing why this is a security issue.  https://security.googleblog.com/2017/04/next-steps-toward-more-connection.html

Their responses? LOL - what do you think it is?  I don't think Google's security posture is too widely known and it will upset more people then it will help in securing anything.  

I've already gotten several emails and calls from my network of people that still depend on me for their IT consultant even though I haven't done that in a while.  They notice what Google is doing and are panicked that the website they have used for years is now not secure all of a sudden?  Yeah.