Tech

Enhanced spellcheckers like Microsoft Editor in Edge can transmit password info

Enhanced spellcheckers like Microsoft Editor in Edge can transmit password info #Enhanced #spellcheckers #Microsoft #Editor #Edge #transmit #password #info Welcome to Americanah Blog, here is the new story we have for you today:

You Can Click Here To View Restricted Videos/Images in this Article

Researchers at JavaScript security company otto-js, while testing script behaviors detection, noticed something unusual: enhanced spellcheckers, like the Enhanced Spellchecker in Google’s Chrome (off by default, needs to be turned on), or Microsoft’s Editor (an Edge plugin, needs to be installed), send potentially personal identifiable information (PII) to servers at Google and Microsoft, respectively.

What’s more, if users take advantage of the “Show Password” option, then passwords themselves can be transmitted, as well.

The info, potentially anything entered in form fields while these enhanced spell checkers are on, is only sent temporarily to Google, the company said:

“The text typed by the user may be sensitive personal information and Google does not attach it to any user identity and only processes it on the server temporarily. To further ensure user privacy, we will be working to exclude passwords proactively from spell check.”

In addition, turning on Enhanced Spell Checker in Chrome states that “(t)ext that you type in the browser is sent to Google.”

Both Microsoft and Google use company servers to perform the enhanced spellchecks, but in doing so may be opening up attack vectors that users may not be aware of.

You can read more about the research conducted by otto-js in their blog post.

(via BleepingComputer)

Share This Post:

Click Here To Continue Reading from Source

Related Articles

Back to top button