{"id":203666,"date":"2022-09-20T11:42:14","date_gmt":"2022-09-20T09:42:14","guid":{"rendered":"http:\/\/sftarticles.wpenginepowered.com\/en\/?p=203666"},"modified":"2025-07-01T20:26:36","modified_gmt":"2025-07-02T03:26:36","slug":"chromes-spellchecker-exposing-passwords","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/chromes-spellchecker-exposing-passwords\/","title":{"rendered":"Chrome’s spellchecker could be exposing your passwords to hackers"},"content":{"rendered":"\n

Spellcheckers are an extremely helpful feature that boost productivity by allowing us to quickly and more easily give our typed documents and inputs a proofread and check. Unfortunately, however, when it comes to in-built web browser spellcheckers there is a security weak point that we need to take into account<\/strong>. Are they checking our passwords and, if so, is anybody able to access that spellchecking data. The answers to these questions seem to be troubling. Let\u2019s check it out.<\/p>\n\n\n

\r\n
\r\n
\r\n
\r\n \"Google\r\n <\/div>\r\n
\r\n Google Chrome<\/span>\r\n Download Now<\/a>\r\n <\/div>\r\n
\r\n <\/path><\/path><\/text><\/svg>\r\n <\/div>\r\n <\/div>\r\n
\r\n <\/span>\r\n <\/div>\r\n
\r\n \r\n <\/div>\r\n <\/a>\r\n <\/div>\r\n<\/div>\n\n\n\n

A research report<\/a> by JavaScript cybersecurity specialists otto-js has unearthed some worrying findings about the spellchecker features on the Google Chrome and Microsoft Edge web browsers. Yes, they are helping us boost our productivity but they are also sharing our password details with websites <\/strong>whenever we are trying to log into your web accounts and services.<\/p>\n\n\n\n

According to the report, there are three primary websites and services that are exposed to this vulnerability<\/strong>. These are Office 365, Alibaba \u2013 Cloud Service, and Google Cloud \u2013 Secret Manager. AWS \u2013 Secret Manager and LastPass were also vulnerable to the issue, but they have already fully mitigated the issue according the otto-js report.<\/p>\n\n\n\n

Josh Summit at otto-js had this to say about this rather novel vulnerability:<\/p>\n\n\n\n

\u201cSome of the largest websites in the world have exposure to sending Google and Microsoft sensitive user PII, including username, email, and passwords, when users are logging in or filling out forms [\u2026] If ‘show password’ is enabled, the feature even sends your password to their 3rd-party servers.\u201d<\/em><\/p>\n\n\n\n

Unfortunately, until this vulnerability is mitigated by the affected sites there is nothing you as a user can do to safeguard your web usage apart from disabling your browser\u2019s spellchecker<\/strong>. In truth, however, this isn\u2019t a massive price to pay as although spellcheckers are useful on web browsers, they are nowhere near as useful as they are on word processors.<\/p>\n\n\n\n

In other cybersecurity news, scammers have been circulating fake Word docs packed with almost undetectable malware<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Spellcheckers are an extremely helpful feature that boost productivity by allowing us to quickly and more easily give our typed documents and inputs a proofread and check. Unfortunately, however, when it comes to in-built web browser spellcheckers there is a security weak point that we need to take into account. Are they checking our passwords … Continue reading “Chrome’s spellchecker could be exposing your passwords to hackers”<\/span><\/a><\/p>\n","protected":false},"author":9073,"featured_media":203693,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wpcf-pageviews":0},"categories":[1015],"tags":[2378],"usertag":[],"vertical":[],"content-category":[],"class_list":["post-203666","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-app-subdomain-redirectionchrome"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/203666","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/users\/9073"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/comments?post=203666"}],"version-history":[{"count":1,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/203666\/revisions"}],"predecessor-version":[{"id":323174,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/203666\/revisions\/323174"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media\/203693"}],"wp:attachment":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media?parent=203666"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/categories?post=203666"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/tags?post=203666"},{"taxonomy":"usertag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/usertag?post=203666"},{"taxonomy":"vertical","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/vertical?post=203666"},{"taxonomy":"content-category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/content-category?post=203666"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}