Your browser's spell check is causing data leakage

An analysis by JavaScript security firm Otto-JS found that some extended spell checking features added to Google Chrome and Microsoft Edge are causing data leak. They transmit form data, including Personally Identifiable Information (PII) and, in some cases, passwords, to the owner of the respective web browser.

Read more: How to prevent the leakage of personal data by applications?

see more

Experts say AI is a force for good

Mother registers daughter named Barbie and son was almost named Ken

Finding the Data Leak

It was Josh Summitt, co-founder and CTO of Otto-JS who figured this all out and warned that these spell check features are often active even if users are unaware.

Both browsers have built-in basic spell checking enabled by default and do not transmit data back to Google or Microsoft. However, Chrome's 'Enhanced Spellcheck' extension and Edge's 'Microsoft Editor' are optional add-ons.

That said, users need to explicitly consent, and while it's obvious that their data will be sent back to both companies to improve the product, it's not so obvious that this might include your PII.

Access to all data online

The security firm said that Chrome and Edge working together with most text fields on a webpage can access "basically anything".

This means that all data entered online, including your date of birth, details of payment, contact information, logins and passwords can be sent back to Google browsers and Microsoft.

Summitt even said that if the "show password" option is enabled, the resource will still be sent to third-party servers. Bleeping Computer reports that it discovered that Chrome was used to transmit usernames to SSA.gov, Bank of America and Verizon, and the passwords were also exposed to CNN and Facebook in that manner.

What would be the solution?

One way to minimize exposure is for web developers to include a detail called “spellcheck=false” in all input fields that might require sensitive information.

Thus, this will effectively block these fields from spell checkers in browsers, although it will mean that spell checking will be disabled for these entries.

On the user side, temporarily disable the enhanced spell checker or remove it entirely from the browser seems to be the only way to protect your data, at least until one of the companies revises their privacy policy. privacy.

Forebears: origin of your last name, popularity and trivia

Finding out more about your family history and ancestry is very important for many people. With t...

read more
Big luck with a simple 50 cent coin you didn't even imagine

Big luck with a simple 50 cent coin you didn't even imagine

Within several types of collection, we have those aimed at coins. Collectors in this niche are al...

read more

Check out which is the 50 cent coin that can be worth up to R$ 700

Among collectors of coins there is a classification that establishes how valuable they are, accor...

read more