Google Chrome Now Blocks Insecure Scripts on HTTPS
As you can see from the above screenshot, Google Chrome now shows you a message saying that it has blocked an insecure script from running on the browser, whilst proving you an option to "Load Anyway". This is done to protect users from running harmful scripts on their system.
This behavior in Google Chrome is similar to them blocking users from accessing harmful websites that they have in their database an will be useful in protecting users.
The help page on this topic shows what Google is doing exactly:
When this is not the case (sometimes called a “mixed script” situation), visitors to the site run the risk that attackers can interfere with the website and change the script so as to serve their own purposes.
Traditionally, browsers have run the mixed script, genuine or not, and notified you after-the-fact by a broken lock icon, a dialog box, or a red https:// in the location bar (in the case of Google Chrome). The problem with this approach is that by the time the script has run, it is already too late, because the script has had access to all of the data on the page.
Google Chrome now protects you by refusing up-front to run any script on a secure page unless it is also being delivered over HTTPS. Data on the page remains secure even in the presence of an attacker, but the downside is that this may cause pages to display improperly. You may wish to let the website owner know that their site is not properly secured. (Note that a poorly-written extension can also sometimes cause this).
You can bypass this protection by clicking “Allow Anyway”, in which case Google Chrome will refresh the page and load the insecure content. You will then see an https:// displayed in red in the location bar indicating that the page could not be secured.
The above description says that Chrome is only blocking scripts which are served through non-HTTPS on a HTTPS connection. Hopefully, the will improve this behavior and also display the same message on the browser when a known rogue script is running on a website.