[ad_1]
The tool of grammar check Google Chrome can to put in danger user passwords. In the browser, you can enable the “advanced grammar check” function, which automatically sends everything typed to the company’s servers, where it is screened by a algorithm that verifies spelling accuracy and style.
An investigation by Otto-js, a cybersecurity company, revealed that when entering passwords on Chrome using the “show password” button – available on some sites – the key text is sent to Google’s servers for grammar checking. Therefore, Chrome’s normal security standards for password privacy do not apply.
Sites can add an HTML attribute “spellcheck = false“ to block the spelling check function, and thus prevent data transmission. But many don’t, including some Big Tech giants. Including Facebook.
LastPass toothe site of password management which suffered an attack in August, presented it same problem. After Otto-js’ report he promptly remedied.
Google replied that passwords remain on servers only temporarily, and which in any case are not related to no personal data. In addition, he added, the advanced grammar check option is not a default but must be actively selected or deselected by the user. “We will work for actively exclude passwords from grammar checker ”concluded the Google representative, interviewed by Bleeping Computer.
In addition to Google Chrome, the same problem is present on the browser Microsoft Edge, on which the add-on can be installed Microsoft Editor Spelling & Grammar Checker. For the moment there are no statements from Microsoft, which says it has yet to investigate the matter.
Experts advise in any case of disable grammar checking featuresin case you work with sensitive information.
.
[ad_2]
Source link
