www.digitaltrends.com
Open in
urlscan Pro
192.0.66.16
Public Scan
URL:
https://www.digitaltrends.com/computing/spellchecker-in-google-chrome-and-microsoft-edge-security-fault/
Submission: On September 21 via api from SG — Scanned from DE
Submission: On September 21 via api from SG — Scanned from DE
Form analysis 1 forms found in the DOM
GET https://www.digitaltrends.com
<form class="b-nav__search" action="https://www.digitaltrends.com" method="get" role="search">
<div class="b-nav__search-inner">
<input type="text" placeholder="Search" name="s">
<input type="submit">
</div>
</form>Text Content
Skip to main content
Menu
* Search
* Best ProductsBest Products
* Best Products
*
*
* See All
* * Computing
* Best Laptops
* Best Graphics Cards
* Best Desktop Computers
* Best Chromebooks
* Best Routers
* Best Gaming Laptops
* Mobile
* Best Phones
* Best Tablets
* Best Smartwatches
* Best Wireless Earbuds
* Best Fitness Trackers
* Best iPhones
* Audio / Video
* Best TVs
* Best Headphones
* Best Soundbars
* Best Speakers
* Best Streaming Devices
* Best Bluetooth Speakers
* More
* Best PS5 Games
* Best Xbox Series X Games
* Best Game Consoles
* Best Refrigerators
* Best Robot Vacuums
* Versus
* Product ReviewsProduct Reviews
* Product Reviews
*
*
* See All
* * Computing
* Laptop Reviews
* Monitor Reviews
* Desktop Reviews
* Mac Reviews
* Windows Reviews
* Mobile
* Phone Reviews
* Tablet Reviews
* Smartwatch Reviews
* Fitness Tracker Reviews
* iPhone and iPad Reviews
* Audio / Video
* TV Reviews
* Headphone Reviews
* Soundbar Reviews
* Speaker Reviews
* Media Streamer Reviews
* More
* Game Reviews
* Car Reviews
* Smart Home Reviews
* Vacuum Reviews
* Video Game System Reviews
* NewsNews
* News
*
*
* See All
* * Categories
* Computing
* Mobile
* Audio / Video
* Gaming
* Smart Home
* Entertainment
* Cars
* Brands
* Apple
* Microsoft
* Amazon
* Google
* Samsung
* Tesla
* SpaceX
* Platforms
* PlayStation
* Xbox
* Nintendo Switch
* Apple iOS 16
* Android 13
* Windows 11
* MacOS
* More
* 5G
* Streaming Media
* Wearables
* Space
* PC Gaming
* Wordle
* Small Business
* Buying GuidesBuying Guides
* Buying Guides
*
*
* See All
* * Computing
* Laptop Buying Guide
* Computer Monitor Buying Guide
* Chromebooks vs. Laptops
* Windows 11 vs. Windows 10
* MacBook Air vs. iPad Pro
* Mobile
* iPhone 13 vs. iPhone 12
* Apple Watch Series 6 vs. Fitbit Versa 3
* Samsung Galaxy A52 vs. iPhone SE
* Android vs. iOS
* Audio / Video
* QLED vs. OLED TV
* Soundbars vs. Speakers
* Soundbar Buying Guide
* 4K TV Buying Guide
* Surround Sound Guide
* More
* Xbox Series X vs. PS5
* Nintendo Switch vs. Switch Lite
* Nest Mini vs. Echo Dot
* 5G home internet
* Printer Buying Guide
* DealsDeals
* Deals
*
*
* See All
* * Computing
* Best Laptop Deals
* Best Printer Deals
* Best Monitor Deals
* Mobile
* Best Smartphone Deals
* Best Smartwatch Deals
* Best iPhone Deals
* Audio / Video
* Best TV Deals
* Best Headphone Deals
* Best Soundbar Deals
* More Deals
* Free Trial
* Disney Plus Free Trial
* ESPN Plus Free Trial
* DownloadsDownloads
* Downloads
*
*
* See All
* * Categories
* Browsers
* Office & Productivity
* Development Tools
* Learning
* Games
* Internet
* Music & Video
* Customization
* Security & VPN
* Social & Messaging
* OS & Tools
* Platforms
* Windows
* Mac
* Android
* iOS
* OriginalsOriginals
* Originals
*
*
* See All
* * Original Editorial Series
* Tech for Change
* Summer Gaming Marathon
* ReSpec
* Oscar Effects
* Women With Byte
* Better, Faster, Stronger
* Special Features
* Original Video Series
* Genius Home
* Life on Mars
* Picture This
* What’s in the Bag?
* The Future Of
* Robots Everywhere
* MoreMore
* More
*
*
* * Company
* About Us
* Advertise with Us
* Sponsored Content
* Digital Trends Media Group
* Careers
* Freelance Opportunities
* Press Room
* Digital Trends Wallpapers
* Our Brands
* DT en Español
* The Manual
* 21Oak
* NewFolks
* HappySprout
* PawTracks
* Trending:
* Wordle Today September 21
* Apple Responds to iPhone 14 Pro Camera Issue
* Modern Warfare II News
* Samsung Bespoke Jet Review
* Best Upcoming PS5 Games
* Evil West News
* Soulstice Review
1. Home
2. Computing
3. News
SPELLCHECKERS IN GOOGLE CHROME COULD EXPOSE YOUR PASSWORDS
By Monica J. White September 19, 2022 9:27AM
Share
If you like to be thorough and use an advanced spellchecker, we have some bad
news — your personal information could be in danger.
Using the extended spellcheck in Google Chrome and Microsoft Edge transmits
everything you input in order for it to be checked. Unfortunately, this includes
information that should be strictly encrypted, such as passwords.
Chrome & Edge Enhanced Spellcheck Features Expose PII, Even Your Passwords
This issue, first reported by JavaScript security firm otto-js, was discovered
accidentally while the company was testing its script behaviors detection. Josh
Summitt, co-founder and CTO of otto-js, explains that pretty much everything you
enter in form fields with advanced spellchecker enabled is later transmitted to
Google and Microsoft.
“If you click on ‘show password,’ the enhanced spellcheck even sends your
password, essentially spell-jacking your data,” said otto-js in its report.
“Some of the largest websites in the world have exposure to sending Google and
Microsoft sensitive user PII [personally identifiable information], including
username, email, and passwords, when users are logging in or filling out forms.
An even more significant concern for companies is the exposure this presents to
the company’s enterprise credentials to internal assets like databases and cloud
infrastructure.”
Related
Uber says it’s investigating ‘cybersecurity incident’
Computing·News
Read Next
Many people use “show password” in order to make sure they haven’t made a typo,
so potentially, a lot of passwords could be at risk here. Bleeping Computer
tested this further and found that entering your username and password on CNN
and Facebook sent the data to Google, while SSA.gov, Bank of America, and
Verizon only sent the usernames.
Both Microsoft Edge and Google Chrome come with built-in spellcheckers that are
pretty basic. These tools don’t require any further verification — what you
input stays within your browser. However, if you’re using Chrome’s Enhanced
Spellcheck or Microsoft’s Editor Spelling & Grammar Checker, everything you type
in the browser is then sent to Google and Microsoft respectively.
That, in itself, is not unexpected. When you enable the enhanced spellchecker in
Chrome, the browser tells you that the “text that you type in the browser is
sent to Google.” However, many people would expect that this excludes PII that
is often submitted in forms.
The severity of this depends on the websites you visit. Some form data may
include Social Security numbers and Social Insurance numbers, your full name,
address, and payment information. Login credentials also fall under this
category.
It’s understandable that your inputs are sent outside of the browser in order to
utilize the improved spellchecker, but it’s hard not to question how secure this
is when personal data also receives that same treatment.
HOW TO STAY SAFE
Andrew Brookes/Getty Images
If you’d rather not have your personal data transmitted to Microsoft and Google,
you should stop using the advanced spellchecker for the time being. This means
disabling the feature in your Chrome settings. Simply copy and paste this into
your browser’s address bar: chrome://settings/?search=Enhanced+Spell+Check.
For Microsoft Edge, the advanced spellchecker comes in the form of a browser
add-on, so simply right-click the icon of that extension in your browser and
then tap on Remove from Microsoft Edge.
Google has ensured that it doesn’t attach any user identity to the data it
processes for the spellchecker. However, it will work on excluding passwords
from this entirely. Microsoft said it will investigate the problem, but didn’t
follow up with Bleeping Computer beyond that just yet. Microsoft currently has
another problem with Edge: hackers are using it to run a malvertising campaign.
EDITORS' RECOMMENDATIONS
* This beloved TikTok hashtag just got its own app feature
* Windows 11 2022 Update: the best new features to try out today
* Windows 11 vs. Windows 10: Finally time to upgrade?
* What is Discord?
* Beware: Hackers are using a clever Microsoft Edge malvertising scam
UBER SAYS IT’S INVESTIGATING ‘CYBERSECURITY INCIDENT’
THIS MICROSOFT TEAMS EXPLOIT COULD LEAVE YOUR ACCOUNT VULNERABLE
WINDOWS 11 EXPLORES AN EXPANDED, FULL-SIZED WIDGET BOARD
UPDATE YOUR MAC NOW TO PATCH THIS CRUCIAL SECURITY FLAW
HOW TO JOIN A MICROSOFT TEAMS MEETING
HOW TO CREATE A BIBLIOGRAPHY IN WORD
BEST MAC MINI DEALS FOR SEPTEMBER 2022
BEST WIRELESS KEYBOARD DEALS FOR SEPTEMBER 2022
THE BEST WEBCAMS FOR 2022
THE BEST MONITORS FOR THE MAC MINI
THE BEST AIO COOLERS FOR YOUR PC IN 2022
BEST IPAD DEALS: LATEST MODELS ON SALE FROM $280
DON’T WORRY – THE RTX 4090 WON’T CAUSE ANOTHER GPU SHORTAGE
Upgrade your lifestyleDigital Trends helps readers keep tabs on the fast-paced
world of tech with all the latest news, fun product reviews, insightful
editorials, and one-of-a-kind sneak peeks.
* Facebook
* Instagram
* Twitter
* YouTube
* Pinterest
* LinkedIn
* TikTok
* Mobile
* Computing
* Gaming
* Audio / Video
* Connected Living
* Entertainment
* Automotive
* Space
* Streaming Guides
* Original Shows
* Downloads
* How-To
* About Us
* Contact Us
* Editorial Guidelines
* Logo & Accolade Licensing
* Sponsored Content
* Digital Trends Wallpapers
* Digital Trends in Spanish
* Manage Preferences
* Portland
* New York
* Chicago
* Detroit
* Los Angeles
* Toronto
* Careers
* Advertise With Us
* Work With Us
* Diversity & Inclusion
* Terms of Use
* Privacy Policy
* Do Not Sell or Share My Information
* Press Room
* Sitemap
Digital Trends Media Group may earn a commission when you buy through links on
our sites.
©2022 Digital Trends Media Group, a Designtechnica Company. All rights reserved.
ABOUT YOUR PRIVACY
* YOUR PRIVACY
* STRICTLY NECESSARY COOKIES
* PERFORMANCE COOKIES
* FUNCTIONAL COOKIES
* TARGETING COOKIES
* SOCIAL MEDIA COOKIES
* STORE AND/OR ACCESS INFORMATION ON A DEVICE
* PERSONALISED ADS AND CONTENT, AD AND CONTENT MEASUREMENT, AUDIENCE INSIGHTS
AND PRODUCT DEVELOPMENT
* USE PRECISE GEOLOCATION DATA
* ACTIVELY SCAN DEVICE CHARACTERISTICS FOR IDENTIFICATION
* ENSURE SECURITY, PREVENT FRAUD, AND DEBUG
* TECHNICALLY DELIVER ADS OR CONTENT
* MATCH AND COMBINE OFFLINE DATA SOURCES
* LINK DIFFERENT DEVICES
* RECEIVE AND USE AUTOMATICALLY-SENT DEVICE CHARACTERISTICS FOR IDENTIFICATION
YOUR PRIVACY
We process your data to deliver content or advertisements and measure the
delivery of such content or advertisements to extract insights about our
website. We share this information with our partners on the basis of consent.
You may exercise your right to consent, based on a specific purpose below or at
a partner level in the link under each purpose. These choices will be signaled
to our vendors participating in the Transparency and Consent Framework.
List of IAB Vendors
STRICTLY NECESSARY COOKIES
Always Active
These cookies are necessary for the website to function and cannot be switched
off in our systems. They are usually only set in response to actions made by you
which amount to a request for services, such as setting your privacy
preferences, logging in or filling in forms. You can set your browser to block
or alert you about these cookies, but some parts of the site will not then work.
These cookies do not store any personally identifiable information.
View Vendor Details
PERFORMANCE COOKIES
Performance Cookies
These cookies allow us to count visits and traffic sources so we can measure and
improve the performance of our site. They help us to know which pages are the
most and least popular and see how visitors move around the site. All
information these cookies collect is aggregated and therefore anonymous. If you
do not allow these cookies we will not know when you have visited our site, and
will not be able to monitor its performance.
View Vendor Details
FUNCTIONAL COOKIES
Functional Cookies
These cookies enable the website to provide enhanced functionality and
personalisation. They may be set by us or by third party providers whose
services we have added to our pages. If you do not allow these cookies then some
or all of these services may not function properly.
View Vendor Details
TARGETING COOKIES
Targeting Cookies
These cookies may be set through our site by our advertising partners. They may
be used by those companies to build a profile of your interests and show you
relevant adverts on other sites. They do not store directly personal
information, but are based on uniquely identifying your browser and internet
device. If you do not allow these cookies, you will experience less targeted
advertising.
View Vendor Details
SOCIAL MEDIA COOKIES
Social Media Cookies
These cookies are set by a range of social media services that we have added to
the site to enable you to share our content with your friends and networks. They
are capable of tracking your browser across other sites and building up a
profile of your interests. This may impact the content and messages you see on
other websites you visit. If you do not allow these cookies you may not be able
to use or see these sharing tools.
View Vendor Details
STORE AND/OR ACCESS INFORMATION ON A DEVICE
Store and/or access information on a device
Cookies, device identifiers, or other information can be stored or accessed on
your device for the purposes presented to you.
List of IAB Vendors | View Full Legal Text Opens in a new Tab
PERSONALISED ADS AND CONTENT, AD AND CONTENT MEASUREMENT, AUDIENCE INSIGHTS AND
PRODUCT DEVELOPMENT
Personalised ads and content, ad and content measurement, audience insights and
product development
* SELECT BASIC ADS
Switch Label
Ads can be shown to you based on the content you’re viewing, the app you’re
using, your approximate location, or your device type.
* CREATE A PERSONALISED ADS PROFILE
Switch Label
A profile can be built about you and your interests to show you personalised
ads that are relevant to you.
* SELECT PERSONALISED ADS
Switch Label
Personalised ads can be shown to you based on a profile about you.
* CREATE A PERSONALISED CONTENT PROFILE
Switch Label
A profile can be built about you and your interests to show you personalised
content that is relevant to you.
* SELECT PERSONALISED CONTENT
Switch Label
Personalised content can be shown to you based on a profile about you.
* MEASURE AD PERFORMANCE
Switch Label
The performance and effectiveness of ads that you see or interact with can be
measured.
* MEASURE CONTENT PERFORMANCE
Switch Label
The performance and effectiveness of content that you see or interact with
can be measured.
* APPLY MARKET RESEARCH TO GENERATE AUDIENCE INSIGHTS
Switch Label
Market research can be used to learn more about the audiences who visit
sites/apps and view ads.
* DEVELOP AND IMPROVE PRODUCTS
Switch Label
Your data can be used to improve existing systems and software, and to
develop new products
List of IAB Vendors | View Full Legal Text Opens in a new Tab
USE PRECISE GEOLOCATION DATA
Use precise geolocation data
Your precise geolocation data can be used in support of one or more purposes.
This means your location can be accurate to within several meters.
List of IAB Vendors | View Full Legal Text Opens in a new Tab
ACTIVELY SCAN DEVICE CHARACTERISTICS FOR IDENTIFICATION
Actively scan device characteristics for identification
Your device can be identified based on a scan of your device's unique
combination of characteristics.
List of IAB Vendors | View Full Legal Text Opens in a new Tab
ENSURE SECURITY, PREVENT FRAUD, AND DEBUG
Always Active
Your data can be used to monitor for and prevent fraudulent activity, and ensure
systems and processes work properly and securely.
List of IAB Vendors | View Full Legal Text Opens in a new Tab
TECHNICALLY DELIVER ADS OR CONTENT
Always Active
Your device can receive and send information that allows you to see and interact
with ads and content.
List of IAB Vendors | View Full Legal Text Opens in a new Tab
MATCH AND COMBINE OFFLINE DATA SOURCES
Always Active
Data from offline data sources can be combined with your online activity in
support of one or more purposes
List of IAB Vendors | View Full Legal Text Opens in a new Tab
LINK DIFFERENT DEVICES
Always Active
Different devices can be determined as belonging to you or your household in
support of one or more of purposes.
List of IAB Vendors | View Full Legal Text Opens in a new Tab
RECEIVE AND USE AUTOMATICALLY-SENT DEVICE CHARACTERISTICS FOR IDENTIFICATION
Always Active
Your device might be distinguished from other devices based on information it
automatically sends, such as IP address or browser type.
List of IAB Vendors | View Full Legal Text Opens in a new Tab
Back Button
BACK
Vendor Search
Filter Button
Consent Leg.Interest
checkbox label label
checkbox label label
checkbox label label
* View Third Party Cookies
* Name
cookie name
Clear
checkbox label label
Apply Cancel
Confirm My Choices
Reject All Allow All
WE CARE ABOUT YOUR PRIVACY
We can enhance your experience on this site by personalizing the content and ads
you view if you agree to let us use web tracking technologies such as cookies
that help us and our partners to understand how you interact with the site. This
information consists of, for example, unique web browsing history, precise
geolocation and unique identifiers. You can choose what technologies you allow
on the ‘Manage Preferences’ button located on every page, where you can change
your settings and withdraw consent any time.Privacy Policy
WE AND OUR PARTNERS PROCESS DATA AS FOLLOWS:
Use precise geolocation data. Actively scan device characteristics for
identification. Store and/or access information on a device. Personalised ads
and content, ad and content measurement, audience insights and product
development. List of Partners (vendors)
Reject All I Accept
Manage Preferences