Beware: Chrome’s Auto-complete feature may send Credit Card information to web server

Status
Not open for further replies.

MrXidus

Super Moderator (Leave of absence)
Thread author
Apr 17, 2011
2,503
The auto-complete feature in web browsers such as Google Chrome can be a very convenient time-saving feature, as it enables you to fill out forms with data that you previously entered in the browser. So, instead of filling out your address, phone number, name or email address manually, you simply type the first character, pick the appropriate result from the list and have it auto-filled for you.

In 2012, Google implemented Autocomplete Types in the company's own Chrome browser designed to improve the handling of forms in the web browser. The basic idea behind the feature was to provide users with means to auto-fill all fields of a form automatically by selecting one of the available auto-complete data sets they have used earlier in the browser.

This meant that users did not have to use auto-complete for each field individually, but could select an auto-complete set to fill out multiple forms at once.

That's in theory a pretty nice feature as it enables you to fill out forms quicker and make the whole process more convenient.

One major issue with the feature came to light recently. If you are a web developer you probably know that you can use hidden form fields on websites. A form on a website asking for your name could use hidden form fields to retrieve additional information thanks to the autocomplete-type feature.

Instead of just submitting your name to the service, you may also submit your email address, street address, and even credit card information.

The main problem here is that you do not have control over what is being sent to the website requesting the data, as Chrome does not provide you with those information.

Read full story
 

AyeAyeCaptain

Level 1
Feb 24, 2011
585
Thanks for the info, although I have never used the auto fill feature, it's good to know in order to give "the heads up" to friends who do. If I did find the need to have my details at the ready to be filled in a lot, I think i would go by means of a word doc, stored in an encrypted folder and just copy and paste the bits i needed to, if it really was time consuming...
 

Ink

Administrator
Verified
Jan 8, 2011
22,490
Wouldn't this affect any Password/Auto-complete Form-filling software?

It's good to know there's no need to store confidential data on your Computer, Browser or Mobile devices.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top