Browser Autofill feature lets you store user credentials like name, E-mail, Address, Phone number, etc. so that you don’t have to fill it manually again and again. Although most users see Autofill feature as a convenience that provides ease while filling out credentials, it could also lead to big security risks leading to financial losses and a threat to personal data.
Autofill feature exposes users to security risks
If you are aware of Chrome Autofill feature, you can observe that Chrome’s autofill allows storing postal addresses (which contains information such as name, city, telephone, postal code, email address, etc. ) and credit card (which contains information such as cardholder name, number and expiration date).
Now, every piece of this data (except credit card information) can be synchronized with a Google account without you even noticing the same. This potentially increases the risk of your information being leaked to 3rd party attackers if your Google account credentials are leaked.
Information can leak through hidden fields
Imagine another scenario of a site requesting you to enter your name and email address to complete a form. While the autofill feature will automatically fill out the information against the name and email address, you will safely assume that this is the only information that you shared based on the fields that you saw on the form. But here is the where a potential leak may have happened.
The developer of a site can add hidden fields to a page, which is actually not “really hidden” from you but drawn outside the visible screen. Due to Autofill feature, your browser will automatically fill out fields which you can see and also the ones which cannot. So you always run the risk of getting your personal data shared without knowing though the hidden fields.
Below is a simple demonstration of form fields hidden from the user in Google Chrome. It shows that while only Name and Email were asked in the form, the Autofill feature submitted more information such as Email, Phone, Address and more once the user clicked on the “Submit” tab.
How to avoid the risk
One of the unfeasible approaches would be to analyze the source code of the web page before submitting anything. However, this is not possible practically and also involves technical know-how. Hence, the best approach would be to disable autofill feature permanently.
Here is how you can disable autofill feature in Chrome.
How to disable autofill feature in Chrome
Step 1. Load Google Chrome browser in your PC
Step 2. Click on the upper right side corner of your browser window to open “Settings”
Step 3. Click on the “Advanced Setting” to scroll down to the “Passwords and forms” section
Step 4. Remove the check mark from “Enable Autofill to fill out web forms in a single click” and “Offer to save your web passwords.”
Closing Comments
While autofill feature is a tremendous time-saver, it is prone to data leaks and malware intrusions. It is highly recommended that you never let a browser take care of your passwords, no matter how safe they claim.
Though browsers let you interact with Internet World, they also open your system up to a variety of vulnerabilities and attacks. The browser can be an entry point for an attacker into your PC, hence securing your browser should always be a priority.
Here are eight tips to protect your browser.
- Keep the browser updated to the latest version as authors keep on adding protection against latest threats
- Use antivirus software and keep It updated
- Never click on suspicious emails
- Keep the operating system updated
- Block unnecessary pop-ups and never click on them
- Use minimal plugins
- Never use “remember my password” feature, especially on public domains
- Do not download files from untrusted sources
For details visit Github. A bug report has also been filed with Mozilla here.
Leave a Reply