Beware! Your browsers may be leaking passwords; delete spell check now

tech.hindustantimes.com:

For those of us who are constantly typing on our laptops, spell checking is an absolute must. Whether it is essays for college or important work emails, typographical errors, commonly known as typos are a disaster which could strike you even in the best of times. To counter this, most people simply install spell check extensions on their browsers which alerts them to errors and automatically corrects the mistakes. However, a recent report has revealed that spell check extensions might not be safe.

According to a report by JavaScript security firm otto-js, spell check extensions on the browser have been found sending back important and sensitive data to Microsoft and Google. Co-founder and CTO of otto-js Josh Summit recently discovered this leak while running a test run of his company's script behaviour detection program. According to the blog published on otto-js website, whenever you enter any information in a form field on a website, the data is sent back to Microsoft and Google if the spell check feature is turned on. This means not only your personal information, but the login credentials you enter aren't safe anymore.

Walter Hoehn, otto-js VP of Engineering said in the blog, “"One of the most interesting things about this type of exposure is that it's caused by the unintended interaction between two features that are, in isolation, both beneficial to users. The enhanced spell checking features in Chrome and Edge offer a significant upgrade over the default dictionary-based methods."

“Likewise, websites that provide the option of displaying passwords in cleartext are more usable, especially for those with disabilities. It's when they are used together that the actual password exposure happens,” Josh Summit, CTO and