Advanced spell check in Chrome and Edge as a privacy issue

Advanced spell-checking capabilities in Google Chrome and Microsoft Edge browsers transmit form data, including personal information and, in some cases, passwords, to Google and Microsoft, respectively, according to software developers otto’s report -js. A major concern for enterprises is the fact that this puts the company’s data access to internal resources such as databases and cloud infrastructure at risk.

Note from us: Actually, this feature should be disabled by default for you. You can check this by entering the following code in Chrome’s address bar, or you can search for “Enhanced Spell Check” in browser settings:

chrome://settings/?search=erweiterte+rechtschreibpr%C3%BCfung

Josh Summitt, co-founder and CTO of otto-js, discovered the spell checker leak while testing the company’s script behavior detection. If “Show password” is enabled, the feature sends a password even to third-party servers. While researching data leaks in different browsers, they found a combination of features that, when activated, unnecessarily share sensitive data with third parties such as Google and Microsoft. What is worrying is how easy it is to activate these features and that most users activate these features without really knowing what is going on in the background.

Businesses can mitigate the risk of sharing their customers’ personal information by adding the “spellcheck=false” option to all input fields. Alternatively, you can set this option only for form fields containing sensitive data. Businesses can also remove the “Show Password” feature, the post concludes.

To illustrate, otto-js showed an example of a user entering their credentials on Alibaba’s cloud platform in the Chrome web browser.