IT | Jan 13, 2017 | Master3395
The “helpful” autofill feature of your web browser also poses a big risk to your online security. A security researcher has uncovered a simple exploit that uses form fields hidden from the user to steal personal information. While Chrome, Opera, and Safari are affected by this issue, Firefox remains immune. Users are advised to disable the autofill settings in their web browsers.
We often praise the autofill features of our web browsers for saving us the trouble of typing details like email addresses, passwords, addresses, and phone numbers. But this feature comes with some serious security risks too.
A web developer and hacker named Viljami Kuosmanen has found a flaw that’s affecting different browsers and plugins. According to his revelation, web browsers like Google Chrome, Apple Safari, and Opera, and plugins like LastPass, can be exploited to leak sensitive personal information.
Browser autofill phishing in Chrome, Safari, and Opera
The phishing attack described by the hacker is very simple in application. When you fill in your information in the visible text boxes, autofill also enters profile-based information into form fields hidden from the user.
On GitHub, Kuosmanen has shared a live demo page to showcase the attack. You can access it here.
In Google Chrome browser, the attack works as follows:
Mozilla’s Firefox is immune to this problem because it has yet to implement a multi-box autofill system, so it can’t be tricked into filling text boxes.
Interestingly, this attack is triggered when users enter at least one piece of information in an online form. To avert such attacks, users are advised to disable the autofill function in their web browser.
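A check for the hidden-field condition described above, as an added example that is not part of the original article or of Kuosmanen's demo: it lists fields that autofill could populate but that the user cannot see. The function names, the `env` object and the sample form are hypothetical, and the set of autofillable field types is an assumption.

```javascript
// Added example: list text-like form fields that autofill could populate
// but that the user cannot see. Not code from the original demo.
const TEXT_TYPES = new Set(["text", "email", "tel", "url", "number", "password", "search"]);

// Assumption: only text-like inputs, selects and textareas receive autofill data.
function isAutofillCandidate(el) {
  if (el.tagName === "SELECT" || el.tagName === "TEXTAREA") return true;
  return el.tagName === "INPUT" && TEXT_TYPES.has((el.type || "text").toLowerCase());
}

// Returns why a field is out of sight, or null when it is visible.
// rect is viewport-relative, so scroll offsets convert it to page coordinates;
// fields further down the page are reachable by scrolling and are not flagged.
function hiddenReason(style, rect, env) {
  if (style.display === "none") return "display:none";
  if (style.visibility === "hidden") return "visibility:hidden";
  if (parseFloat(style.opacity) === 0) return "opacity:0";
  if (rect.width <= 1 || rect.height <= 1) return "zero-size";
  if (rect.right + env.scrollX <= 0 || rect.bottom + env.scrollY <= 0) return "off-screen";
  return null;
}

function findUnseenAutofillFields(form, env) {
  const findings = [];
  for (const el of form.elements) {
    if (!isAutofillCandidate(el)) continue;
    const reason = hiddenReason(env.getStyle(el), el.getBoundingClientRect(), env);
    if (reason) findings.push({ name: el.name, reason });
  }
  return findings;
}

// In a browser:
//   findUnseenAutofillFields(document.forms[0],
//     { getStyle: (el) => getComputedStyle(el), scrollX, scrollY });

// Constructed stand-ins for DOM elements so the check runs outside a browser.
const fakeField = (name, type, style = {}, rect = {}) => ({
  tagName: "INPUT", type, name,
  style: { display: "inline-block", visibility: "visible", opacity: "1", ...style },
  getBoundingClientRect: () => ({ left: 20, right: 220, top: 40, bottom: 70, width: 200, height: 30, ...rect }),
});
const SAMPLE_FORM = { elements: [
  fakeField("name", "text"), fakeField("email", "email"),
  fakeField("phone", "tel", {}, { left: -500, right: -300 }),
  fakeField("address", "text", { display: "none" }, { width: 0, height: 0 }),
  fakeField("send", "submit"),
] };
const SAMPLE_ENV = { getStyle: (el) => el.style, scrollX: 0, scrollY: 0 };
console.log(findUnseenAutofillFields(SAMPLE_FORM, SAMPLE_ENV));
```

The check inspects each field's own computed style and geometry only; a field hidden by an ancestor's opacity or clipping would need an additional walk up the DOM.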
Keywords: Google, Chrome, Opera, Safari, Attack