![]() ![]() ![]() Otto-js researchers, who posted a video on YouTube demonstrating how the leakage occurs, tested more than 50 websites that people use daily or weekly that have access to PII. Summit found that these spell-check features send data to Google and Microsoft that’s entered into form fields - such as username, email, date of birth, and Social Security number - when someone fills out these forms on websites or Web services while using the browsers, the researchers said.Ĭhrome and Edge also will leak user passwords if the “show password” feature is clicked when someone enters a password into a site or service, sending that data to Google and Microsoft’s third-party servers, they said. ![]() While conducting research on how browsers leak data in general. Otto-js co-founder and CTO Josh Summit discovered the leakage - which occurs specifically when Chrome’s Enhanced Spellcheck and Edge’s MS Editor are enabled on browsers. The issue - dubbed “spell-jacking” by researchers at client-side security firm Otto JavaScript Security (Otto-js) - can expose personally identifiable information (PII) from some of the most widely used enterprise applications, including Alibaba, Amazon Web Services, Google Cloud, LastPass, and Office 365, according to a blog post published Sept. Spell-checking features present in both the Google Chrome and Microsoft Edge browsers are leaking sensitive user information - including username, email, and passwords - to Google and Microsoft, respectively, when people fill in forms on popular websites and cloud-based enterprise apps. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |