I went through a round up maintenance on one of my sites today and, in smoke testing after a Joomla / eShop point update, I noticed Chrome complaining about insecure scripts. (site is configured as https).
Investigating, I found that on content pages and, more critically, the checkout pages, there are multiple calls to fonts.gstatic.com over http from both jquery and mootools.
Initially, customers see a warning like this....
If they opt to allow scripts, they will then see this dire warning (not ideal on an eCommerce site!);
Here are partial grabs from developer tools. I had a look at some of the http links and all are available as https. Can this be resolved in a future release?