Chrome 84/85+ bfcache remembering passwords when going back in history
It seems like Chrome recently changed its behaviour (probably due to bfcache changes?) when the user goes back in the history to a page that contains a password field.
Previously, any password fields were always emptied when the user went back like that. Normal text fields kept the "old user input", which is good, but not password fields. Which seems reasonable :-)
Note that I am here of course only talking about pages that are allowed to be cached.
Now, since about Chrome version 84/85, when going back in history, any password that the user entered on the old page is still present in its field (and may be retrieved via JavaScript in the console, which of course is NOT good).
All other types of fields (text, textarea, checkbox, etc.) of course contain the old user input values when going back; that was the case both previously and today. But my impression is that PASSWORD fields were previously always emptied, and that they nowadays retain their old user input.
Note that Edge, Firefox and IE do NOT do this when going back. Not even today. They keep text field contents but empty out password fields, as expected.
This situation is quite insecure, right? If the user leaves the computer, someone else may "go back" a few times, retrieve the password that was entered by the user on the login page, and then "go forward" again. Not good :-(
Does anyone have any feedback/comment on this? Or is this just me? :-)
Please test at https://tolva.se/test/testback.htm -- do you get different behaviour when using Chrome, compared with when using Edge, FF or IE?
The test page contains the following:
<!DOCTYPE html>
<html>
<head>
<script>
// Return the current value of the input element with the given id
function g(name) { return document.getElementById(name).value; }
</script>
</head>
<body>
<!-- autocomplete="off" so the browser's own autofill does not interfere with the test -->
<form autocomplete="off">
Text: <input type="text" id="T"><br>
Pwd: <input type="password" id="P"><br>
<a href="#" onclick="alert('Text=' + g('T') + '\nPwd=' + g('P')); return false;">Display field contents</a><br>
<a href="testback2.htm">Go to next page</a><br>
<br>
Please enter some text into the two fields (use the link "Display..." to check the contents)<br>
Then go to next page, and then go back again.
</form>
</body>
</html>
The second file testback2.htm simply contains a text that says "please go back and check what is now in the form fields" :-)
Any ideas why Chrome has begun keeping the content of password fields when going back to a page that is in the bfcache?
Do note that, for instance, adding an will stop this behaviour (that is documented). However, then text fields are also not remembered. So that is not a solution.
/Stefan Lennerbrant
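A page-side mitigation for the behaviour described above, added here as an example and not part of the original post or of Chrome: clear password fields (and any field explicitly marked sensitive) whenever the document is restored from the bfcache, while leaving ordinary text fields alone. It relies only on the standard `pageshow`/`pagehide` events and their `persisted` flag; the function names and the `data-sensitive` attribute are choices made for this example. The fields used in the test are constructed plain objects standing in for `<input>` elements.

```javascript
// Added example (not from the original post): empty password fields on a
// bfcache restore so that "going back" does not reveal them.
// The function names and the data-sensitive attribute are assumptions of
// this example; pageshow/pagehide and event.persisted are standard DOM.

// Clear every field whose type is in `types` (default: password) or that
// carries a data-sensitive attribute. `fields` is any iterable of objects with
// `type` and `value` (real <input> elements in a browser, plain objects in the
// test). Returns the ids of the fields that actually had a value cleared.
function clearSensitiveFields(fields, types = ['password']) {
  const wanted = new Set(types.map((t) => t.toLowerCase()));
  const cleared = [];
  for (const f of fields) {
    const type = String(f.type || '').toLowerCase();
    const marked = !!(f.dataset && 'sensitive' in f.dataset);
    if (!wanted.has(type) && !marked) continue;
    if (f.value === '') continue; // nothing to clear
    f.value = '';
    cleared.push(f.id || f.name || '(anonymous)');
  }
  return cleared;
}

// pageshow fires on every load; event.persisted is true only when the
// document was restored from the bfcache, which is the only case where the
// old DOM (and its field values) survives.
function onPageShow(event, doc) {
  if (!event.persisted) return [];
  return clearSensitiveFields(doc.querySelectorAll('input'));
}

// pagehide with persisted === true means the page is about to enter the
// bfcache; clearing here too means the cached snapshot never holds the secret.
function onPageHide(event, doc) {
  if (!event.persisted) return [];
  return clearSensitiveFields(doc.querySelectorAll('input'));
}

function installBfcacheGuard(win) {
  win.addEventListener('pageshow', (ev) => onPageShow(ev, win.document));
  win.addEventListener('pagehide', (ev) => onPageHide(ev, win.document));
}

// Only wire up the listeners when running in a browser.
if (typeof window !== 'undefined') installBfcacheGuard(window);
```

Include the script in the page head; unlike disabling the bfcache for the whole page, this keeps the text field values the browser restores and only drops the password. Note that it does not protect against an attacker who already has a console open on the page before the navigation, and a page that is never bfcached gets a fresh DOM anyway.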
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow