Google, Microsoft can get your passwords via web browser's spellcheck

[Corrine]

From Bleeping Compute at Google, Microsoft can get your passwords via web browser's spellcheck:

Extended spellcheck features in Google Chrome and Microsoft Edge web browsers transmit form data, including personally identifiable information (PII) and in some cases, passwords, to Google and Microsoft respectively.

While this may be a known and intended feature of these web browsers, it does raise concerns about what happens to the data after transmission and how safe the practice might be, particularly when it comes to password fields.

Both Chrome and Edge ship with basic spellcheckers enabled. But, features like Chrome's Enhanced Spellcheck or Microsoft Editor when manually enabled by the user, exhibit this potential privacy risk.

 

See the referenced article for additional information.

[abarbarian]

The Arch chromium does not have any Enhanced Spellcheck option.

[V.T. Eric Layton]

This is somewhat disturbing.

 

Fortunately, I don't use Edge... and rarely use Chrome (disabled in my cell phone). On my main system, I have "un-Googled" Chromium installed, but it's just a backup browser. I run FF primarily.

 

See... I knew that "Auto-Correct" and its close relative "Spellcheck" were out to get us. SkyNet is awakening.

 

[crp]

been a while since i turned on and tried extended spell checking in chromium based browsers, iirc there is a notification given that turning on does mean that *everything* gets looked at.