Spell checking in Chrome & Edge exposes your passwords

Μια δυσάρεστη ανακάλυψη δημοσιοποίησε ένας ερευνητής ασφάλειας. Το πρόγραμμα περιήγησης Google Chrome, καθώς και το πρόγραμμα περιήγησης της Microsoft Edge που βασίζεται στο Chromium, σε ορισμένες περιπτώσεις μεταδίδουν προσωπικά δεδομένα από φόρμες στην Google και τη Microsoft αντίστοιχα.

This includes passwords. Browsers' Extended spell checker is the main culprit.


The research team at Otto, a security company specializing in JavaScript (otto-js.com), examined the two browsers Google Chrome and Microsoft Edge and made the unpleasant discovery that both browsers can transmit the user's personal data at Google and Microsoft.

The data in question is form data that the user must enter when visiting websites in the browser.

These can be usernames, email addresses, social security numbers, etc., but also passwords. Normally, this data should only be transmitted to the website visited by the respective user. However, with the Advanced Spell Check feature, which can be enabled in Google Chrome, these entries are transmitted to Google for verification. Something similar happens in Microsoft Edge. In a post published on September 16, 2022, the security researchers state:

Chrome's enhanced spellcheck and Edge's MS editor (enhanced spellcheck and MS Editor) send data you enter into form fields like username, email, DOB, SSN, basically anything in the fields, from websites you connect to when these features enabled. If you click “show password”, the improved spell checker even sends your password.

The team documented an example with a link to the Alibaba website in its blog post.


Chrome browser users have the option to disable the Advanced Spell Check feature from Chrome Settings in Sync and Google Services (use the internal address chrome://settings/?search=Enhanced+Spell+Check).

For Edge, Microsoft Editor's spell and grammar checker is a browser add-on that must be uninstalled.

Read more details

iGuRu.gr The Best Technology Site in Greece
Follow us on Google News

Chrome, Edge, google, microsoft, iguru

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).