Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Tuesday September 20 2022, @09:30PM   Printer-friendly
from the yore-sew-rite! dept.

Your data may be in danger if you use a spellchecker:

If you like to be thorough and use an advanced spellchecker, we have some bad news — your personal information could be in danger.

Using the extended spellcheck in Google Chrome and Microsoft Edge transmits everything you input in order for it to be checked. Unfortunately, this includes information that should be strictly encrypted, such as passwords.

This issue, first reported by JavaScript security firm otto-js, was discovered accidentally while the company was testing its script behaviors detection. Josh Summitt, co-founder and CTO of otto-js, explains that pretty much everything you enter in form fields with advanced spellchecker enabled is later transmitted to Google and Microsoft.

“If you click on ‘show password,’ the enhanced spellcheck even sends your password, essentially spell-jacking your data,” said otto-js in its report. “Some of the largest websites in the world have exposure to sending Google and Microsoft sensitive user PII [personally identifiable information], including username, email, and passwords, when users are logging in or filling out forms. An even more significant concern for companies is the exposure this presents to the company’s enterprise credentials to internal assets like databases and cloud infrastructure.”

Many people use “show password” in order to make sure they haven’t made a typo, so potentially, a lot of passwords could be at risk here. Bleeping Computer tested this further and found that entering your username and password on CNN and Facebook sent the data to Google, while SSA.gov, Bank of America, and Verizon only sent the usernames.

[...] If you’d rather not have your personal data transmitted to Microsoft and Google, you should stop using the advanced spellchecker for the time being. This means disabling the feature in your Chrome settings. Simply copy and paste this into your browser’s address bar: chrome://settings/?search=Enhanced+Spell+Check.

For Microsoft Edge, the advanced spellchecker comes in the form of a browser add-on, so simply right-click the icon of that extension in your browser and then tap on Remove from Microsoft Edge.


Original Submission

 
This discussion was created by martyb (76) for logged-in users only, but now has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Thursday September 22 2022, @02:13AM

    by Anonymous Coward on Thursday September 22 2022, @02:13AM (#1272934)

    > ... I regularly screw up homophones.

    My problem is messing up two letter words that share one letter -- of/on, if/in, at/it, etc. Anyone know if there is a name for this problem?

    I first noticed it during the editing process of a ~900 reference/text book, about 30 years ago (MS-DOS/ascii wordprocessor). My brute force solution was to keep a small file with all these pairs (the mistakes could go either way) and I spent considerable time running through all the text with search & conditional-replace for each of the short words. Caught dozens of them...but sadly not all, every now and then someone spots one and they are kind enough to let me know.