According to information shared by Josh Summit – Co-founder and CTO of otto Javascript these spellcheck features in both browsers are leaking sensitive data that you enter in the website’s form field. For example, username, email, DOB, SSN, or anything that you type in the form field to sign into the website. Apart from that, if you click on the “Show password” option, the same feature on both browser even send the password to company servers. Josh Summit has uploaded a video in which you can see how easily your data is sent when the spell check feature is enabled either in Chrome or Edge browser. If you made upto this video, then it’s possible that you’re using Edge or Chrome browser and the spell check feature is enabled, right?
Stop Chrome, Edge Spell Check feature from leaking Passwords
To stop the Edge and Chrome browsers from sending your sensitive data, what you can do is disable the enhanced spell check feature in both browsers. In the Edge browser, address bar, copy this: edge://settings/languages and hit enter. Head over to ‘Use writing assistance‘ and select Basic. In the Chrome browser address bar, copy-paste this: chrome://settings/languages and hit enter. Head over to the Spell check section and select Basic Spell check. After doing this, the browser will perform a spell check locally and as a result, you can protect your sensitive data that’s been sent to the company’s servers. What do you think of this Microsoft Edge and Google Chrome security issue? Let us know your opinion in the comments. Source – BleepingComputer, otto-js.com