Edge and Chrome spell checkers can expose passwords

A recent study by the otto-js research team found a serious problem. Data checked by both Microsoft Editor and Google Chrome Enhanced Spell Checker is sent to Microsoft and Google respectively. This data can contain anything: username, email, date of birth, social security number. Essentially anything entered into a text box is checked by these functions.

As an additional note, passwords can also be sent this way, but only when the user presses the "Show password" button, which converts the password to clear text so that it gets checked.

Google and Microsoft release passwords

The main concerns revolve around sensitive user personally identifiable information (PII). This is a key concern for corporate credentials used to access internal databases and cloud infrastructure. An image shared by otto-js shows a user logging into Alibaba Cloud while the data is shared with Google.

Some companies have already taken steps to prevent it. The security teams of both AWS and LastPass have confirmed that updates have mitigated this. The problem has already been named "Spelljacking". Most worryingly, these settings are very easy for users to enable, and they can lead to data leaks without anyone even noticing. The otto-js team ran tests on 30 websites from various industries and discovered that 96.7% sent data with PII to Google and Microsoft.

Interestingly, the only website in this group that mitigated the problem was Google, but only for some services, not all products tested. At this time, the otto-js research team recommends avoiding these extensions and configurations until this issue is resolved.
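A site-side audit for the problem described above, as an added example that is not from the original article or from otto-js: it parses HTML and lists the text fields that do not opt out of browser spell checking. It assumes the standard HTML `spellcheck="false"` attribute as the opt-out, which the article does not name; the sample markup and the list of audited input types are constructed for this example.

```python
from html.parser import HTMLParser

# Free-text input types; "password" counts because "Show password" turns it into clear text.
TEXT_TYPES = {"text", "search", "email", "url", "tel", "password"}
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link",
        "meta", "source", "track", "wbr"}

# Constructed sample markup, not taken from any real site.
SAMPLE = """
<form id="login">
  <input name="username" type="text">
  <input name="password" type="password" spellcheck="false">
</form>
<form id="profile" spellcheck="false">
  <input name="ssn">
  <textarea name="bio" spellcheck="true"></textarea>
</form>
<div id="editor" contenteditable></div>
"""

class SpellcheckAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack, self.findings = [], []  # open elements' inherited state; flagged fields

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        state = self.stack[-1][1] if self.stack else None  # inherit from the parent element
        value = (a["spellcheck"] or "").strip().lower() if "spellcheck" in a else None
        if value in ("", "true", "false"):  # any other value keeps the inherited state
            state = value != "false"
        editable = "contenteditable" in a and (a["contenteditable"] or "").lower() != "false"
        text_input = tag == "input" and (a.get("type") or "text").lower() in TEXT_TYPES
        if (text_input or tag == "textarea" or editable) and state is not False:
            self.findings.append((tag, a.get("name") or a.get("id") or "?"))
        if tag not in VOID:  # void elements never get an end tag, so never push them
            self.stack.append((tag, state))

    def handle_endtag(self, tag):  # pop back to the matching open element, if any
        for i in reversed(range(len(self.stack))):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def audit(html):
    parser = SpellcheckAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

On the sample, `audit(SAMPLE)` flags `username`, the `bio` textarea that re-enables spell checking inside an opted-out form, and the `contenteditable` editor, while `ssn` is covered by the attribute inherited from its form.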
