Internet Giants’ Hijacking Confidential Data
Google Chrome and Microsoft Edge are the two main web browsers used by millions of Internet users every day. Recently, however, it was discovered that both browsers were transmitting and storing personally identifiable information (PII). Cyber security analysts reported that their research shows that, in some cases, even users’ passwords are inconspicuously sent to Google and Microsoft servers when the enhanced spellcheck capabilities have been manually enabled.
The Enhanced Spellcheck function can only be enabled by the user in Chrome or Microsoft Edge, but no warning is given of the potential privacy risk. The form data itself also contains personally identifiable information (PII), such as social security numbers (SSNs) and social insurance numbers (SINs), names, addresses, emails, dates of birth, and other pertinent contact information, as well as bank and other payment data.
While this function is well known and intended to help users streamline their projects, it raises the prospect of security breaches. The main issue is what happens to the data once it has been transmitted to these companies’ servers. In addition, how secure is that data guaranteed to be, particularly where password storage is concerned?
The security firm otto-js named the vulnerability “Spelljacking”. Its analyst expressed concern for Internet privacy after noticing that, when manually enabled, the Enhanced spell checking feature in Edge and Chrome stores private information, including passwords.
Private Data Spellcheck Problem
Although the functionality was designed to enhance Internet users’ experiences, it raises questions about the security of the sensitive data users enter. The feature’s disadvantage is that, when it transfers form data containing personally identifiable information (PII), it also transmits login details such as passwords.
However, the cyber security analysts noted that this only happens when the feature is manually activated. And while the security issue is an obvious breach of security protocol, it is still possible to use spell checking, but only through each browser’s built-in spell checker, which is already turned on by default.
Because it is difficult to know what happens to data after transmission and how safe the practice may be, especially when it comes to password fields, the cyber analyst advised users of the dangers of manually enabling the spellchecker feature on both web browsers.
Also, basic spellcheckers are already enabled in Google Chrome and Microsoft Edge, and they are the alternative that is secure enough for Internet users.
The danger arises when the Enhanced Spellcheck option is manually activated. The risk is genuine, and the possible invasion of privacy is therefore being brought to the attention of average consumers.
How to Stop Browser Spelljacking?
These steps will help keep Internet users safe from spelljacking, which has been discovered in the Google Chrome and Microsoft Edge browsers.
You may check to see if Enhanced Spell Check is enabled by clicking the vertical ellipsis in the top-right corner of a Chrome or Edge window.
Next, choose Settings > Languages > Spell check. Ensure that the feature is disabled or set to default.
Either select the radio button next to “Basic spell check” or turn spell check off entirely.
In addition, if you are an IT person, you could alter the HTML code.
By altering the HTML code and adding “spellcheck=false” to all or specific input fields, website admins can help solve the issue. Additionally, websites have the option to turn off the “display password” function, which does not prevent spelljacking but does prevent user passwords and other private information from being transmitted to third-party servers.
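A check that website admins could run over their form markup to find text-entry fields still missing the attribute, as an added example that is not part of the original article. The function names and the sample form are constructed for illustration, and the scanner is a simple regular-expression pass rather than a full HTML parser.

```javascript
// Assumption: a simple tag scanner for lint use, not a full HTML parser. It only
// sees an explicit per-field attribute, not one inherited from a parent element.
// Input types that are not free-text entry, so spellcheck does not apply to them.
const NON_TEXT_TYPES = new Set([
  'hidden', 'checkbox', 'radio', 'submit', 'button', 'reset', 'file',
  'image', 'range', 'color', 'date', 'datetime-local', 'month', 'week', 'time',
]);

// Parse the attribute text of one tag into a lower-cased name -> value map.
function parseAttributes(attrText) {
  const attrs = {};
  const re = /([^\s=\/"'<>]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(attrText)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// Return one finding per <input>/<textarea> that can hold typed text and does
// not carry spellcheck="false". Password fields are included because a
// "display password" toggle turns them into plain text fields.
function auditSpellcheck(html) {
  const findings = [];
  const tagRe = /<(input|textarea)\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    const attrs = parseAttributes(m[2]);
    const type = (attrs.type || 'text').toLowerCase();
    if (tag === 'input' && NON_TEXT_TYPES.has(type)) continue;
    if ((attrs.spellcheck || '').toLowerCase() === 'false') continue;
    findings.push({ tag, type: tag === 'input' ? type : tag,
                    field: attrs.name || attrs.id || '(unnamed)' });
  }
  return findings;
}

// Constructed sample form (not taken from the article or any real site).
const SAMPLE_FORM = `
<form action="/signup" method="post">
  <input type="text" name="full_name">
  <input type="password" name="password" id="pw">
  <input type="text" name="ssn" spellcheck="false">
  <input type="checkbox" name="remember">
  <textarea name="notes"></textarea>
  <input type=submit value="Create account">
</form>`;
console.log(auditSpellcheck(SAMPLE_FORM));
```

Run it with Node.js; each finding names a field that would still be eligible for spell checking if a visitor has the enhanced feature turned on.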