Beware: Chrome’s Auto-Complete Feature may Send Credit Card Information to Web Servers

It turns out that auto-complete can be just as big of a pain as real-time spell checking …

The auto-complete feature in web browsers such as Google Chrome can be a very convenient time-saving feature, as it enables you to fill out forms with data that you previously entered in the browser. So, instead of filling out your address, phone number, name or email address manually, you simply type the first character, pick the appropriate result from the list and have it auto-filled for you.

In 2012, Google implemented Autocomplete Types in its Chrome browser, a feature designed to improve the handling of forms. The basic idea was to let users fill all fields of a form at once by selecting one of the auto-complete data sets they had used earlier in the browser.

This meant that users did not have to use auto-complete for each field individually, but could select an auto-complete set to fill out multiple forms at once.

That’s in theory a pretty nice feature as it enables you to fill out forms quicker and make the whole process more convenient.

One major issue with the feature came to light recently. If you are a web developer you probably know that you can use hidden form fields on websites. A form on a website asking for your name could use hidden form fields to retrieve additional information thanks to the autocomplete-type feature.

Instead of just submitting your name to the service, you may also submit your email address, street address, and even credit card information.

The main problem here is that you do not have control over what is being sent to the website requesting the data, as Chrome does not show you that information.
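For site owners and reviewers who want to check a form for this pattern, here is an added example (not code from the original article) that scans form markup for inputs carrying an autofill hint while being invisible to the user. The function names and the sample form are constructed for illustration, and checking both the standard `autocomplete` attribute and Chrome's experimental `x-autocompletetype` attribute is an assumption about which hints a page may use.

```javascript
// Added example: static audit of form markup for autofill-hinted inputs the user cannot see.
// Limitation: only inline styles are inspected; fields hidden by a stylesheet need getComputedStyle in a browser.
const AUTOFILL_ATTRS = ["autocomplete", "x-autocompletetype"];
const HIDING_STYLE = /display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(?![.\d])|(?:left|top|margin-left)\s*:\s*-\d{3,}/i;

// Parse the attributes of one <input ...> tag into an object keyed by lower-cased name.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  const body = tag.replace(/^<\s*input\b/i, "").replace(/\/?>$/, "");
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Explain why the field is not visible to the user, or return null if it appears visible.
function hiddenReason(attrs) {
  if ((attrs.type || "").toLowerCase() === "hidden") return "type=hidden";
  if ("hidden" in attrs) return "hidden attribute";
  if (HIDING_STYLE.test(attrs.style || "")) return "inline style";
  return null;
}

// Return every input that both asks for autofill data and is hidden from the user.
function auditForm(html) {
  const findings = [];
  for (const tag of html.match(/<\s*input\b[^>]*>/gi) || []) {
    const attrs = parseAttrs(tag);
    const hint = AUTOFILL_ATTRS.map((a) => attrs[a]).find((v) => v && v.toLowerCase() !== "off");
    const reason = hiddenReason(attrs);
    if (hint && reason) findings.push({ name: attrs.name || "(unnamed)", hint, reason });
  }
  return findings;
}

// Constructed sample markup: one visible name field, two hinted fields the user never sees.
const SAMPLE_FORM = `
<form method="post" action="/signup">
  <input type="text" name="fullname" autocomplete="name">
  <input type="text" name="mail" autocomplete="email" style="visibility: hidden">
  <input type="text" name="card" x-autocompletetype="cc-number" style="display:none">
  <input type="hidden" name="csrf" value="constructed-token">
  <input type="submit" value="Sign up">
</form>`;

console.log(auditForm(SAMPLE_FORM));
```

A hidden field without an autofill hint, such as the CSRF token in the sample, is not reported, since hidden inputs on their own are a normal part of web forms.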

Disabling auto-complete in Google Chrome


The only protection at the time of writing is to disable the auto-complete feature in the Chrome browser. Here is what you need to do to disable the feature in Google’s browser:

  1. Load the website chrome://settings/ by typing it in the Chrome address bar and hitting enter.
  2. Click on show advanced settings at the bottom of the screen.
  3. Scroll down until you find Passwords and Forms.
  4. You can verify which autofill data exists with a click on “Manage Autofill settings”.
  5. Uncheck “Enable Autofill to fill out web forms in a single click”.
  6. Restart Google Chrome.

Closing Words

Note that third party extensions, plugins and programs that provide you with auto-complete functionality are not affected by this. Other browsers may also be affected, if the feature has been implemented in them as well (Opera 15+ for example). (via Yoast)
