Spell checking in Chrome & Edge exposes your passwords

An unpleasant discovery was made public by a security researcher. The Google Chrome browser, as well as the Chromium-based Microsoft Edge browser, in some cases transmit personal data from forms to Google and Microsoft respectively.

This includes passwords. The browsers' extended spell checker is the main culprit.


The research team at Otto, a security company specializing in JavaScript (otto-js.com), examined the two browsers Google Chrome and Microsoft Edge and made the unpleasant discovery that both browsers can transfer the user's personal data to Google and Microsoft.

The data in question is form data that the user must enter when visiting websites in the browser.

These can be usernames, email addresses, social security numbers, etc., but also passwords. Normally, this data should only be transmitted to the website visited by the respective user. However, with the Advanced Spell Check feature, which can be enabled in Google Chrome, these entries are transmitted to Google for verification. Something similar happens in Microsoft Edge. In a post published on September 16, 2022, the security researchers state:

Chrome's improved spell checker and Edge's MS Editor program (enhanced spellcheck and MS Editor) send data you enter into form fields like username, email, DOB, SSN, basically anything in the fields, from websites you connect to when these features are enabled. If you click “show password”, the improved spell checker even sends your password.

The team documented an example with a link to the Alibaba website in its blog post.

Protection

Chrome users can disable the Advanced Spell Check feature in Chrome Settings under Sync and Google Services (use the internal address chrome://settings/?search=Enhanced+Spell+Check).

For Edge, Microsoft Editor's spell and grammar checker is a browser add-on that must be uninstalled.
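
To verify the Chrome setting across every profile on a machine rather than one browser window at a time, the following added example (not code from the article or from otto-js) reads each profile's Preferences file. It assumes the toggle is stored under the spellcheck.use_spelling_service key and that a missing key means the feature is off; the sample profile tree is constructed for the demonstration.

```python
import json
import tempfile
from pathlib import Path

# Assumption: Chrome keeps the "Enhanced spell check" toggle in each profile's
# Preferences JSON under spellcheck.use_spelling_service.
PREF_PATH = ("spellcheck", "use_spelling_service")


def enhanced_spellcheck_enabled(prefs: dict) -> bool:
    """True only if the preference is present and is the JSON boolean true."""
    node = prefs
    for key in PREF_PATH:
        if not isinstance(node, dict) or key not in node:
            return False  # assumption: an absent key means the toggle is off
        node = node[key]
    return node is True


def audit_user_data_dir(user_data_dir) -> dict:
    """Map profile directory name -> True / False / None (None = unreadable)."""
    results = {}
    for prefs_file in sorted(Path(user_data_dir).glob("*/Preferences")):
        try:
            prefs = json.loads(prefs_file.read_text(encoding="utf-8"))
        except (OSError, ValueError):  # missing access, bad encoding, bad JSON
            results[prefs_file.parent.name] = None
            continue
        results[prefs_file.parent.name] = enhanced_spellcheck_enabled(prefs)
    return results


def build_sample_tree(root) -> Path:
    """Constructed sample data: four fake profiles covering each outcome."""
    samples = {
        "Default": json.dumps({"spellcheck": {"use_spelling_service": True}}),
        "Profile 1": json.dumps({"spellcheck": {"use_spelling_service": False}}),
        "Profile 2": json.dumps({"browser": {}}),   # key never written
        "Profile 3": "{not valid json",             # corrupt file
    }
    for name, body in samples.items():
        profile = Path(root) / name
        profile.mkdir(parents=True)
        (profile / "Preferences").write_text(body, encoding="utf-8")
    return Path(root)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for profile, state in audit_user_data_dir(build_sample_tree(tmp)).items():
            print(f"{profile}: {state}")
```

Point audit_user_data_dir at a real Chrome user data directory to check actual profiles; a result of None means the file could not be read and needs a manual check.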


Written by giorgos
