1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Your browser spellchecker could be leaking your passwords

    From TechnologyDaily@1337:1/100 to All on Mon Sep 19 18:45:03 2022
    Your browser spellchecker could be leaking your passwords

    Date:
    Mon, 19 Sep 2022 17:26:11 +0000

    Description:
    Extended spellcheckers in Google Chrome and Microsoft Edge have been found to be exposing passwords, payment details, and more.

    FULL STORY ======================================================================

    Some extended spellchecking features added into Google Chrome and Microsoft Edge web browsers have been found to be leaking sensitive information back to their parent companies.

    An analysis by JavaScript security firm otto-js found most users enable features that they believe to be beneficial to their productivity, only to find that they are leaking their own personal information such as usernames, emails, passwords, and more, to the browsers respective companies.

    Both browsers have basic, built-in spellchecking features enabled by default, which do not transmit data back to Google or Microsoft. Chromes Enhanced Spellcheck and Edges Microsoft Editor are exclusively opt-in add-ons that users must explicitly authorize, and while its made clear that your data will be sent back to both companies to improve the products, its not so obvious that this could include your personally identifiable information (PII).
    Chrome and Edge password leaks

    Working in conjunction with most text fields on a webpage, both tools have access to basically anything, says otto-js. This means that any data you
    input online, including your date of birth, payment details, contact information, and login credentials could all be being sent back to Google and Microsoft. Read more

    We've rounded up the best password managers around



    LastPass hacked: Should you be worried about your passwords?



    Apple's quest to kill off the password is heading in the right direction

    Most websites that block out passwords online obscure this highly sensitive information from the spellchecking tools, but when a user clicks to uncover the text (maybe to check if they have typed it correctly), the information is subsequently exposed.

    Bleeping Computer reported it found the transmission of usernames to
    SSA.gov, Bank of America, and Verizon, using Chrome, with passwords also
    being exposed to CNN and Facebook only when the show password or equivalent button had been clicked.

    One way to minimize exposure is for web developers to include
    spellcheck=false to any input fields that may require sensitive information, effectively blocking out those fields from spellchecking tools, though this will of course mean that spellchecking will be disabled in these entries.

    On a users end, temporarily disabling enhanced spellcheckers or removing them entirely from a browser seem to be the only ways of protecting your data, at least until either company revises its privacy policy. Secure your data with the best ID theft protection services around



    ======================================================================
    Link to news story: https://www.techradar.com/news/your-browser-spellchecker-could-be-leaking-your -passwords/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)