Enhanced spellcheckers like Microsoft Editor in Edge can transmit password info

2 min. read

Published onSeptember 19, 2022

published onSeptember 19, 2022

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Researchers at JavaScript security companyotto-js, while testing script behaviors detection, noticed something unusual: enhanced spellcheckers, like the Enhanced Spellchecker in Google’s Chrome (off by default, needs to be turned on), or Microsoft’s Editor (an Edge plugin, needs to be installed), send potentially personal identifiable information (PII) to servers at Google and Microsoft, respectively.

What’s more, if users take advantage of the “Show Password” option, then passwords themselves can be transmitted, as well.

The info, potentially anything entered in form fields while these enhanced spell checkers are on, is only sent temporarily to Google, the company said:

“The text typed by the user may be sensitive personal information and Google does not attach it to any user identity and only processes it on the server temporarily. To further ensure user privacy, we will be working to exclude passwords proactively from spell check.”

In addition, turning on Enhanced Spell Checker in Chrome states that “(t)ext that you type in the browser is sent to Google.”

Both Microsoft and Google use company servers to perform the enhanced spellchecks, but in doing so may be opening up attack vectors that users may not be aware of.

You can read more about the research conductedby otto-js in their blog post.

(via BleepingComputer)

Kip Kniskern

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Kip Kniskern

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low#

Copilot in Outlook will generate personalized themes for you to customize the app#

Microsoft will raise the price of its 365 Suite to include AI capabilities#

Death Stranding Director’s Cut is now Xbox X|S at a huge discount#

Outlook will let users create custom account icons so they can tell their accounts apart easier#

Enhanced spellcheckers like Microsoft Editor in Edge can transmit password info#

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Enhanced spellcheckers like Microsoft Editor in Edge can transmit password info