Chrome & Edge Enhanced Spellcheck Features Expose PII, Even Your Passwords

When these features are enabled, Chrome's Enhanced Spellcheck and Edge's MS Editor send the data you enter into form fields (username, email, DOB, SSN, basically anything in the fields) on sites you log in to from either browser to Google and Microsoft. Furthermore, if you click "show password," the enhanced spellcheck even sends your password, essentially Spell-Jacking your data.

Some of the largest websites in the world are exposed to sending Google and Microsoft sensitive user PII, including username, email, and passwords, when users are logging in or filling out forms. An even more significant concern for companies is the exposure of enterprise credentials for internal assets such as databases and cloud infrastructure.

Five of the most concerning websites/services with exposure for enterprise companies are:

  • Office 365
  • Alibaba - Cloud Service
  • Google Cloud - Secret Manager
  • AWS - Secrets Manager (UPDATE: has already fully mitigated the issue)
  • LastPass (UPDATE: has already fully mitigated the issue)
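
A site owner can check their own login and form markup for fields that fall under the behaviour described above. The following is an added example, not code from the original article or from any vendor named in it. It assumes the standard HTML `spellcheck` attribute, where `spellcheck="false"` opts a field out of browser spellchecking; the function names and the sample markup are constructed for illustration.

```javascript
// Added example. SAMPLE_HTML is constructed markup, not taken from any real site.
const SAMPLE_HTML = `
<form id="login">
  <input type="email" name="email">
  <input type="password" name="password">
  <input type="text" name="ssn" spellcheck="false">
  <input type="submit" value="Sign in">
  <textarea name="notes"></textarea>
  <textarea name="secret" spellcheck="false"></textarea>
</form>`;

// Free-text input types, plus "password": a "show password" toggle commonly
// switches the field to type="text", which makes it eligible for spellcheck.
const TEXT_TYPES = new Set(["text", "email", "search", "tel", "url", "password"]);

// Parse the attribute portion of a single tag into a map (names lowercased).
function parseAttrs(src) {
  const attrs = {};
  const re = /([a-zA-Z_:][\w:.-]*)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(src)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Return every text-capable field that does not set spellcheck="false" itself.
// Limits: regex scan of static markup; a spellcheck value inherited from an
// ancestor element or set later by script is not evaluated.
function findSpellcheckExposedFields(html) {
  const findings = [];
  const tagRe = /<(input|textarea)\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    const attrs = parseAttrs(m[2]);
    const type = tag === "input" ? (attrs.type || "text").toLowerCase() : "textarea";
    if (tag === "input" && !TEXT_TYPES.has(type)) continue;
    if ((attrs.spellcheck || "").toLowerCase() === "false") continue;
    findings.push({ tag, type, name: attrs.name || "(unnamed)" });
  }
  return findings;
}

for (const f of findSpellcheckExposedFields(SAMPLE_HTML)) {
  console.log(`review: <${f.tag} type=${f.type} name=${f.name}> lacks spellcheck="false"`);
}
```

On the sample markup this flags the email, password and notes fields and skips the submit button and the two fields that already opt out.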

For Further Reference

https://www.otto-js.com/news/article/chrome-and-edge-enhanced-spellcheck-features-expose-pii-even-your-passwords
