Sep. 19 (Portaltic/EP) –
The Google Chrome and Edge browsers are leaking sensitive user data to third-party websites and servers due to an issue affecting the enhanced spell checkers of Chrome and Edge.
otto-js co-founder and CTO Josh Summitt discovered a security issue in the Chrome and Edge browsers while testing the company’s scripting behavior detection.
The flaw, located in Chrome's enhanced spell check and Edge's MSEditor, sends the data that users enter in the forms to the websites where they were trying to log in, as reported on the company blog.
Google already points out in its Support blog that Chrome's enhanced spell check sends the text that the user types in the browser to Google to improve spelling suggestions. For its part, MSEditor is an extension available for Chrome and Edge that offers intelligent grammar and spelling suggestions, for which it needs to connect to a Microsoft online service.
This means that if the user has one of these tools activated, any text they type in the browser (name, username, email, date of birth, among other information), including in online login windows, is sent to Google and Microsoft servers.
Although at first this may look like a problem of users not being informed about how both tools work, it gets worse if the user clicks on the 'show password' option, which is usually used to check that the password has been typed correctly, since the password is then displayed in plain text. If enabled, the enhanced spell checker of either browser parses that information like any other text and sends it to third-party servers.
Summitt, who has called this security flaw ‘spell-jacking’, has shared that the top five sites with exposure for companies are Office 365, Alibaba’s cloud service, Google Cloud’s Secret Manager, AWS Secret Manager and LastPass. These last two have mitigated the problem.
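For site owners, a defensive example tied to the behaviour described above (added here, not taken from the article or from otto-js): it sets the standard HTML `spellcheck="false"` attribute on sensitive fields, including password inputs that a 'show password' toggle may later switch to plain text. The hint pattern and function names are assumptions, as is the premise that the enhanced spell checkers honour the attribute.

```javascript
// Added example: mark sensitive form fields so the browser spell checker skips them.
// SENSITIVE_HINTS and all function names are illustrative assumptions.
const SENSITIVE_HINTS = /pass|pwd|secret|token|user|email|name|birth|ssn|card/i;

// A field is exposed if it is (or can become) free text and spell checking
// has not been switched off. Password inputs count: a "show password" toggle
// turns them into type="text", and the attribute set here survives that change.
function isExposed(el) {
  const tag = el.tagName.toLowerCase();
  const type = (el.getAttribute('type') || 'text').toLowerCase();
  const textLike = tag === 'textarea' ||
    (tag === 'input' && ['text', 'password', 'email', 'search', 'tel', 'url'].includes(type));
  return textLike && el.getAttribute('spellcheck') !== 'false';
}

// Heuristic: password type, or a name/id/autocomplete value that hints at personal data.
function isSensitive(el) {
  const type = (el.getAttribute('type') || '').toLowerCase();
  const label = ['name', 'id', 'autocomplete'].map(a => el.getAttribute(a) || '').join(' ');
  return type === 'password' || SENSITIVE_HINTS.test(label);
}

// Sets spellcheck="false" on every exposed sensitive field under root and
// returns the elements it changed, so the result can be logged or asserted on.
function hardenFields(root) {
  const changed = [];
  for (const el of root.querySelectorAll('input, textarea')) {
    if (isSensitive(el) && isExposed(el)) {
      el.setAttribute('spellcheck', 'false');
      changed.push(el);
    }
  }
  return changed;
}

// In a browser: harden what is on the page now, then again whenever nodes are added.
// Only childList is observed, so the attribute writes above do not re-trigger it.
if (typeof document !== 'undefined') {
  const run = () => hardenFields(document);
  document.addEventListener('DOMContentLoaded', run);
  new MutationObserver(run).observe(document.documentElement, { childList: true, subtree: true });
}
```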