Browser Spell Checker May Be Leaking Your Passwords

Most of us spend hours on laptops working daily. If you’re a college student writing essays, an employee writing emails, or a writer working on articles/blogs, spell-checking is necessary to eliminate typos.

For this purpose, people use spell-check extensions on their browsers, highlighting errors and automatically correcting them. But here’s a caveat – these spell-check extensions might be leaking your passwords.

Online Spell Checkers Aren’t So Safe Anymore

JavaScript security organization otto-js, revealed that these spell-check extensions on the browser were found passing sensitive user information to Google and Microsoft. Josh Summit, co-founder and CTO of otto-js, recently found this flaw while analyzing a test run of his organization’s script behavior detection program.

A blog on the otto-js website published that whenever a user enters information in a form field on any website (if the spell-check extension is on), it sends the data to Google and Microsoft. The login and sensitive information you enter are not so secure anymore.

The VP of Engineering of otto-js, Walter Hoehn, revealed that this exposure results from unintended interaction between two features that are advantageous to users. The spell-checking features that Edge and Chrome browsers offer are much more enhanced and offer a major upgrade over the traditional dictionary-based methods.

Just like that, websites that allow users to display passwords in clear text are far more insecure and usable, especially passwords set by people with disabilities. These features, when used together, pose a real threat, resulting in password exposure.

Here’s What You Need to Do:

Luckily, you can easily eliminate this issue. If you haven’t manually enabled the spell-check extension on the browser, it remains turned off. This means that you are safe from this password leak threat.

Even if you have turned on the spell-check extension on your browser, you can remove the extension to turn it off. If you have turned on the spell-check feature on Microsoft Edge or Google Chrome, you can quickly turn it off from the browser’s settings.

Just think of all the passwords, tools and apps that Edge and Chrome have given Microsoft and Google servers access to! You can never be too safe online!