GOOGLE Chrome users could be unwittingly exposing their passwords when using spell checkers, experts claim.
It all centres around so-called enhanced spell checker features and how you view your password.
1
The issue isn’t exclusive to Chrome either – it affects those using Microsoft Edge as well, with its own installable add-on called Microsoft Editor.
These tools are designed to give whatever you write a more thorough whizz through for errors or bad grammar.
But for it to do that it needs to transmit data to Google and Microsoft – and they both make clear that any text you type on your web browser will go through this process if you choose to have the optional feature switched on.
For the ordinary stuff that’s fine but it poses a risk for your password.
Normally when you type out your password it shows asterisks to keep it private.
Under those conditions, your password is completely safe.
But if you have the enhanced spell checker on and chose to reveal your password, that’s where the trouble can arise, according to experts at otto-js.
Normally, websites include a simple bit of code to stop this data from being extracted.
Most read in Tech
However, as Bleeping Computer reports, some big names including Facebook seem to have neglected it.
The thing to know is, the issue doesn’t apply to ordinary spell checking, just the enhanced ones you have to manually enable, so the vast majority of people should be safe.
And remember, it only applies when you reveal your password by clicking a ‘show password’ button, so this should narrow the risk further.
Regardless, anyone using enhanced spell checker or Microsoft Editor might want to be more careful when they choose to reveal their password.
“The Enhanced spell check feature requires an opt-in from the user,” a Google spokesperson told Bleeping Computer.
“The text typed by the user may be sensitive personal information and Google does not attach it to any user identity and only processes it on the server temporarily.
“To further ensure user privacy, we will be working to exclude passwords proactively from spell check.”
Meanwhile, Microsoft told the publication it is looking into the matter.
How to switch off Chrome’s enhanced spell checker
If you want to switch Chrome’s enhanced spell checker off, just follow these instructions.
Type the following into your Chrome address bar: chrome://settings/?search=Enhanced+Spell+Check
Under the Languages header, switch to basic spell checker.
Best Phone and Gadget tips and hacks
Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered…
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]
This post first appeared on Thesun.co.uk
