Per https://w3c.github.io/webappsec-secure-contexts/, we are deprecating and then removing getUserMedia() from insecure contexts. getUserMedia() is a powerful feature that gives access to the microphone and camera of the user agent's machine, so on an insecure origin it turns HTTP content injection into a significant privilege escalation. Allowing it only over HTTPS removes that attack vector.
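To find which pages lose camera and microphone access, the following added example (not Chromium code) goes slightly beyond the text and applies a simplified form of the Secure Contexts "potentially trustworthy origin" rule to a list of page URLs. The function names and sample URLs are constructed for illustration; ancestor frames and user-agent overrides are not modelled.

```javascript
// Added example, not Chromium code: simplified "potentially trustworthy
// origin" check modelled on the Secure Contexts spec. Assumption: only the
// page's own URL is considered, not its ancestor frames.
function isPotentiallyTrustworthy(pageUrl) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch (e) {
    return false; // unparsable input is treated as not trustworthy
  }
  // Authenticated, encrypted schemes.
  if (url.protocol === "https:" || url.protocol === "wss:") return true;
  // The spec also lists file: as potentially trustworthy.
  if (url.protocol === "file:") return true;
  const host = url.hostname.toLowerCase();
  // Loopback names and addresses never leave the machine.
  if (host === "localhost" || host.endsWith(".localhost")) return true;
  if (host === "[::1]") return true; // URL.hostname keeps IPv6 brackets
  // IPv4 loopback block 127.0.0.0/8.
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  return m !== null && Number(m[1]) === 127;
}

// Returns the pages where getUserMedia() stops working after the removal.
function pagesLosingGetUserMedia(pageUrls) {
  return pageUrls.filter((u) => !isPotentiallyTrustworthy(u));
}

// Constructed sample inventory of pages that call getUserMedia().
const SAMPLE_PAGES = [
  "https://app.example.test/call",
  "http://app.example.test/call",
  "http://localhost:8080/dev",
  "http://127.0.0.1:3000/",
  "http://[::1]:3000/",
  "http://192.168.1.20/intercom",
];

for (const page of pagesLosingGetUserMedia(SAMPLE_PAGES)) {
  console.log("needs HTTPS before the removal:", page);
}
```

Inside a running page, `window.isSecureContext` reports the browser's own answer, which also accounts for ancestor frames.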
Docs:
Part of the larger effort to remove powerful features on insecure origins: https://chromium.org/Home/chromium-security/deprecating-powerful-features-on-insecure-origins
blink-dev discussion and API owner approval: https://groups.google.com/a/chromium.org/forum/#!topic/blink-reviews/NdkY1SUxxV4
https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/getUserMedia