Your browser’s spell check is causing data leakage

An analysis by JavaScript security firm Otto-JS found that some extended spell checking features added to Google Chrome and Microsoft Edge are causing data leak. They transmit form data, including Personally Identifiable Information (PII) and, in some cases, passwords, to the respective web browser owner.

Read more: How to prevent the leakage of personal data by applications?

Discovering the data leak

It was Josh Summitt, co-founder and CTO of Otto-JS who discovered all this and warned that these spell check features are often active even if users are unaware.

Both browsers have built-in basic spell checking enabled by default and do not transmit data back to Google or Microsoft. However, Chrome’s ‘Enhanced Spellcheck’ extension and Edge’s ‘Microsoft Editor’ are optional add-ons.

That said, users do need to explicitly authorize, and while it’s obvious that their data will be sent back to both companies to improve the product, it’s not so obvious that this might include their PII.

Access to all online data

The security firm said that Chrome and Edge, working in tandem with most text fields on a web page, can access “basically anything”.

This means that all data entered online, including your date of birth, payment details, contact information, logins and passwords can be sent back to Google and Microsoft browsers.

Summitt even said that if the “show password” option is enabled, the feature will still be pushed to third-party servers. Bleeping Computer reports that it found that Chrome was used to broadcast usernames to SSA.gov, Bank of America, and Verizon, and passwords were also exposed to CNN and Facebook in this way.

What would be the solution?

One way to minimize exposure is for web developers to include a detail called “spellcheck=false” in all input fields that might require sensitive information.

Thus, this will effectively block these fields in the browsers spell checker, although it means spell checking will be disabled for these entries.

On the user side, temporarily disabling the improved spell checker or removing it entirely from the browser seems to be the only way to protect your data, at least until one of the companies reviews their privacy policy.

About Raju Singh

Raju has an exquisite taste. For him, video games are more than entertainment and he likes to discuss forms and art.

Check Also

Codiguin Free Fire: Here’s what’s new for this Saturday, September 24, 2022

We already know all Free Fire codes for today, Saturday 24th September 2022see below. Garena …