Your Browser’s Autocomplete Data Could Be Phished, Here’s How to Keep Yourself Safe
Autocomplete systems in browsers like Google Chrome, Safari and Opera, as well as plugins like LastPass, can be easily tricked into providing your information on web pages. Here’s how you can protect your personal information.
Viljami Kuosmanen , a Finnish web developer and hacker, recently discovered an exploit and shared an example in action on GitHub . Typically, a phishing site has text boxes where you enter basic information such as your email address or name. But when you use your browser’s autocomplete system to fill in these fields, the site uses hidden text fields to collect additional autocomplete information that you don’t even know you are giving away. This information can include your home address, phone number, and even your credit card information.
If you want to stay safe, you should always avoid sharing personal information and using utilities like LastPass on websites that you are not entirely sure of . Or, you can turn off autocomplete entirely in the browser of your choice:
- In Chrome, click the three-dot More button in the upper-right corner> Settings> Show advanced settings> then uncheck “Turn on one-click autocomplete for filling web forms” under Passwords & Forms.
- In Safari, choose Preferences> AutoFill> deselect all types of information that Safari should auto-fill.
- In Opera, press the Opera button, go to Settings> Privacy & Security> scroll down to Autofill> uncheck the box next to “Enable automatic form filling on webpages.”
Mozilla Firefox is currently immune to this phishing exploit because it doesn’t have a multi-box autocomplete system yet. You can read more about the exploit at the link below.
Phishing with autocomplete in the browser | GitHub via The Guardian