Posted by: Sivapriya, Friday, 20 January 2017

The “helpful” autofill feature of your web browser also poses a big risk to your online security. A security researcher has uncovered a simple exploit that uses form fields hidden from the user to steal personal information. Chrome, Opera, and Safari are affected by this issue, while Firefox remains immune. Users are advised to disable the autofill settings in their web browsers.


We often praise the autofill features of our web browsers for saving us the trouble of typing details like email addresses, passwords, addresses, phone numbers, etc. But these features come with some serious security risks too.
A web developer and hacker named Viljami Kuosmanen has found a flaw that affects several browsers and plugins. According to his disclosure, web browsers like Google Chrome, Apple Safari, and Opera, and plugins like LastPass, can be exploited to leak sensitive personal information.

Browser autofill phishing in Chrome, Safari, and Opera

The phishing attack described by the hacker is very simple to carry out. When you fill in your information in the visible text boxes, autofill also enters profile-based information into form fields hidden from the user.

On GitHub, Kuosmanen has shared a live demo page to showcase the attack. You can access it here.

In Google Chrome browser, the attack works as follows:


Mozilla’s Firefox is immune to this problem because it has yet to implement a multi-box autofill system, so it can’t be tricked into filling text boxes.

Interestingly, this attack is triggered when users enter at least one piece of information in some online form. To avert such attacks, users are advised to disable the autofill function in their web browser.
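A defender-side check for the hidden-field behaviour described above, added here as an example and not taken from Kuosmanen's demo or the original post: it flags form fields that would receive profile data but are not visible to the user. The hint list, the field-descriptor shape and the sample fields are assumptions constructed for illustration.

```javascript
// Fragments of name/autocomplete values that suggest profile data (assumed, not exhaustive).
const PROFILE_HINTS = ['name', 'email', 'tel', 'phone', 'organization',
  'address', 'street', 'postal', 'zip', 'city', 'country', 'cc-'];

function looksAutofillable(f) {
  const hint = `${f.autocomplete || ''} ${f.name || ''}`.toLowerCase();
  return PROFILE_HINTS.some((h) => hint.includes(h));
}

// Reasons the user cannot see the field; an empty array means it is visible.
// Positions are page-relative. Clipping or opacity set on an ancestor is not covered.
function concealmentReasons(f, page) {
  const reasons = [];
  if (f.display === 'none') reasons.push('display:none');
  if (f.visibility === 'hidden') reasons.push('visibility:hidden');
  if (parseFloat(f.opacity) === 0) reasons.push('opacity:0');
  if (f.width < 2 || f.height < 2) reasons.push('near-zero size');
  if (f.left + f.width <= 0 || f.top + f.height <= 0 || f.left >= page.width) reasons.push('off-screen');
  return reasons;
}

// Report every profile-type field that is concealed, with the reasons.
function auditFields(fields, page) {
  return fields.filter(looksAutofillable)
    .map((f) => ({ name: f.name, reasons: concealmentReasons(f, page) }))
    .filter((r) => r.reasons.length > 0);
}

// Browser only: turn a live form into the descriptors used above. Usage:
// auditFields(collectFields(form), { width: document.documentElement.scrollWidth })
function collectFields(form) {
  return Array.from(form.querySelectorAll('input, select, textarea')).map((el) => {
    const r = el.getBoundingClientRect();
    const s = getComputedStyle(el);
    return { name: el.name, autocomplete: el.getAttribute('autocomplete'),
      display: s.display, visibility: s.visibility, opacity: s.opacity,
      left: r.left + window.scrollX, top: r.top + window.scrollY, width: r.width, height: r.height };
  });
}

// Constructed sample: one field the user sees, two concealed profile fields, one unrelated field.
const shown = { display: 'inline-block', visibility: 'visible', opacity: '1' };
const SAMPLE_FIELDS = [
  { name: 'name', autocomplete: 'name', ...shown, left: 40, top: 100, width: 300, height: 30 },
  { name: 'phone', autocomplete: 'tel', ...shown, left: -500, top: 150, width: 300, height: 30 },
  { name: 'address', autocomplete: 'street-address', ...shown, opacity: '0', left: 40, top: 200, width: 300, height: 30 },
  { name: 'comment', ...shown, display: 'none', left: 0, top: 0, width: 0, height: 0 },
];
console.log(auditFields(SAMPLE_FIELDS, { width: 1280 }));
```

A non-empty result means the form asks autofill for more than it shows the user, which is the condition to review before trusting the page with saved profile data.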


- Copyright © 2013 Redback IT Academy -- Powered by Redback - Designed by @ Redback Studio -