The new release of browser Chrome 68 from Google marks all non-HTTPS website as Not Secure, thus cautioning the user that they are on the website at their own risk. The vulnerability, identified as CVE-2018-6177, takes advantage of a weakness in audio/video HTML tags and affects all web browsers powered by Blink Engine, including Google Chrome. Researchers reported that the vulnerability to Google with a proof of idea abuse, and the Chrome group fixed the issue in the recently released Chrome 68.”]
Source: https://hackercombat.com/how-did-this-chrome-bug-expose-user-facebook-details/