The comprehensive spell checker for Google Chrome and Microsoft Edge can send information that users enter on websites, including their passwords, to technology companies. This is what the security company says JS Otto. Chrome and Edge come with a standard spell checker. However, users can enable a more comprehensive spelling checker.
These more comprehensive spell-checkers can send information that users enter on websites, including personal information, to Google and Microsoft. In principle, it concerns everything, such as usernames, email addresses, and dates of birth, according to the security company. When the user clicks on the Show Password option to view the entered password, the password is also passed on to the technology companies.
“It’s annoying that customers can reveal confidential data by enabling harmless browser features and failing to understand that everything they type – including passwords – can be sent to third parties,” said Christopher Hoff, Head of Secure Technology at LastPass. Otto-js has investigated and identified the issue with Office 365, Alibaba Cloud, Google Cloud, Amazon Web Services, and LastPass. After informing him, Amazon and LastPass decided to take action.
There are several measures to prevent the leakage of sensitive data. Websites can use the “spelling=false” option for all input fields. The option to display the entered password can also be disabled. Additionally, users can choose not to enable the enhanced spelling checker.
“Lifelong entrepreneur. Total writer. Internet ninja. Analyst. Friendly music enthusiast.”