SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Your Data May be in Danger If You Use a Spellchecker
Date    Tuesday September 20 2022, @09:30PM
Author    martyb
Topic   
from the yore-sew-rite! dept.
https://soylentnews.org/article.pl?sid=22/09/19/2059218

upstart writes:

Your data may be in danger if you use a spellchecker:

If you like to be thorough and use an advanced spellchecker, we have some bad news — your personal information could be in danger.

Using the extended spellcheck in Google Chrome and Microsoft Edge transmits everything you input in order for it to be checked. Unfortunately, this includes information that should be strictly encrypted, such as passwords.

This issue, first reported by JavaScript security firm otto-js, was discovered accidentally while the company was testing its script behaviors detection. Josh Summitt, co-founder and CTO of otto-js, explains that pretty much everything you enter in form fields with advanced spellchecker enabled is later transmitted to Google and Microsoft.

“If you click on ‘show password,’ the enhanced spellcheck even sends your password, essentially spell-jacking your data,” said otto-js in its report. “Some of the largest websites in the world have exposure to sending Google and Microsoft sensitive user PII [personally identifiable information], including username, email, and passwords, when users are logging in or filling out forms. An even more significant concern for companies is the exposure this presents to the company’s enterprise credentials to internal assets like databases and cloud infrastructure.”

Many people use “show password” in order to make sure they haven’t made a typo, so potentially, a lot of passwords could be at risk here. Bleeping Computer tested this further and found that entering your username and password on CNN and Facebook sent the data to Google, while SSA.gov, Bank of America, and Verizon only sent the usernames.

[...] If you’d rather not have your personal data transmitted to Microsoft and Google, you should stop using the advanced spellchecker for the time being. This means disabling the feature in your Chrome settings. Simply copy and paste this into your browser’s address bar: chrome://settings/?search=Enhanced+Spell+Check.

For Microsoft Edge, the advanced spellchecker comes in the form of a browser add-on, so simply right-click the icon of that extension in your browser and then tap on Remove from Microsoft Edge.

Original Submission

Links
  1. "upstart" - https://soylentnews.org/~upstart/
  2. "Your data may be in danger if you use a spellchecker" - https://www.digitaltrends.com/computing/spellchecker-in-google-chrome-and-microsoft-edge-security-fault/
  3. "Google Chrome and Microsoft Edge" - https://www.digitaltrends.com/computing/microsoft-edge-vs-google-chrome/
  4. "report" - https://www.otto-js.com/news/article/chrome-and-edge-enhanced-spellcheck-features-expose-pii-even-your-passwords
  5. "Bleeping Computer" - https://www.bleepingcomputer.com/news/security/google-microsoft-can-get-your-passwords-via-web-browsers-spellcheck/
  6. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=56919
© Copyright 2024 - SoylentNews, All Rights Reserved

printed from SoylentNews, Your Data May be in Danger If You Use a Spellchecker on 2024-04-19 19:35:57