Shulou(Shulou.com)11/24 Report--

Thanks to CTOnews.com netizen Coje_He for the clue delivery! CTOnews.com, September 20 / PRNewswire-FirstCall-Asianet /-- A recent study by the otto-js security team found that data being checked by enhanced spell checking settings in the Microsoft editor and Google Chrome was sent back to Microsoft and Google, respectively. This data includes user names, e-mails, DOB, SSN, and basically anything entered into the text box checked by these functions.

As an additional note, these features can even send passwords, but only when the Show password button is pressed can the password be converted to visible text and then checked.

Key issues revolve around sensitive user personally identifiable information (PII), which is a key issue for enterprise credentials when accessing internal databases and cloud infrastructure. In the following picture shared by otto-js, you can see users log in to Aliyun and their data is shared with Google.

Some companies have taken steps to prevent this from happening, and both the AWS and LastPass security teams have confirmed that they have mitigated the situation through updates. This problem is called "spelling hijacking". Most worryingly, these settings can be easily enabled by users and can lead to data leakage without anyone realizing it.

CTOnews.com learned that otto-js 's team tested 30 websites in different industries and found that 96.7% of them sent data with PII back to Google and Microsoft.

Interestingly, the only site that alleviates this set of problems is Google itself, but only for certain services, not all of its tested products. Currently, the otto-js research team recommends that you do not use these extensions and settings until this issue is resolved.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.