Μια δυσάρεστη ανακάλυψη δημοσιοποίησε ένας ερευνητής ασφάλειας. Το πρόγραμμα περιήγησης Google Chrome, καθώς και το πρόγραμμα περιήγησης της Microsoft Edge που βασίζεται στο Chromium, σε ορισμένες περιπτώσεις μεταδίδουν προσωπικά δεδομένα από φόρμες στην Google και τη Microsoft αντίστοιχα.
This includes passwords. Browsers' Extended spell checker is the main culprit.
The data in question is form data that the user must enter when visiting websites in the browser.
These can be usernames, email addresses, social security numbers, etc., but also passwords. Normally, this data should only be transmitted to the website visited by the respective user. However, with the Advanced Spell Check feature, which can be enabled in Google Chrome, these entries are transmitted to Google for verification. Something similar happens in Microsoft Edge. In a post published on September 16, 2022, the security researchers state:
Chrome's enhanced spellcheck and Edge's MS editor (enhanced spellcheck and MS Editor) send data you enter into form fields like username, email, DOB, SSN, basically anything in the fields, from websites you connect to when these features enabled. If you click “show password”, the improved spell checker even sends your password.
The team documented an example with a link to the Alibaba website in its blog post.
Chrome browser users have the option to disable the Advanced Spell Check feature from Chrome Settings in Sync and Google Services (use the internal address chrome://settings/?search=Enhanced+Spell+Check).
For Edge, Microsoft Editor's spell and grammar checker is a browser add-on that must be uninstalled.