Autofill: why should you disable it immediately


Google Chrome has not yet fixed a known vulnerability in Autofill (autofill) published for 2013 for the first time.

With this vulnerability, a hacker can hide the fields of a login form on a web page, and Chrome will fill in his or her own personal information if you choose to use AutoFill or Autofill.

The following gif describes the problem:

Autofill

The hampie user of GitHub presented it with the following JavaScript:

var-autocompletes = ['name', 'honorific-prefix', 'given-name', 'additionalname', 'familyname', 'honorific-suffix', 'nickname' ',' address-line1 ',' address-level2 ',' address-level3 ',' address-line4 ',' 'cc-name', 'cc-given-name', 'cc-additional', 'address-level3', 'address-level2', ' name, cc-exp-year, cc-exp-year, cc-csc, cc-type, transaction-currency 'bday', 'bday-day', 'bday-year', 'sex', 'url', 'photo', 'tel' 'tel-country-code', 'tel-national', 'tel-area-code', 'tel-local', 'tel-local-prefix' 'impp']; e-mailField.addEventListener ('focus', function () {var wrap = autocompletes.reduce (function (wrapper, field) {var input = document.createElement ('input'); // make them not focussable input.tabIndex = -1 ;); document.createElement ('div'); // Hide the wrapper wrap.classList.add ('hidden'); form.appendChild (wrap) ); // Inject the autocompletes once this.removeEventListener ('focus', arguments.callee);});

Of course, we recommend turning off Chrome's auto-fill feature immediately.
Let's also look at the fastest way to disable autocomplete on Chrome:

Open the address:

chrome://settings/autofill

and disable the function:

That's it. You are safe from this exploit.


Read them Technology News from all over the world, with the validity of iGuRu.gr

Follow us on Google News iGuRu.gr at Google news