Did You Know Your Browser’s Autofill Credentials Could Be Stolen via Cross-Site Scripting (XSS)

[[correlate]]

Content source

https://www.gosecure.net/blog/2022/06/29/did-you-know-your-browsers-autofill-credentials-could-be-stolen-via-cross-site-scripting-xss/

Cross-Site Scripting (XSS) is a well-known vulnerability that has been around for a long time and can be used to steal sessions, create fake logins and carry out actions as someone else, etc.

In addition, many users are unaware of the potential dangers associated with their browser’s credential autofill feature. This attack vector is not new, but it is unknown to many people and as we investigated further we found that the dangers were extensive. In this post, the GoSecure Titan Labs team will demonstrate that using a browser password manager with autofill could expose your credentials in a web application vulnerable to XSS.

Did You Know Your Browser’s Autofill Credentials Could Be Stolen via Cross-Site Scripting (XSS) - GoSecure

Firefox, Chrome, Edge, Opera, and Internet Explorer browsers could be leaking users' credentials where autofill usernames and passwords can be accessed by JavaScript.

www.gosecure.net

 

[Thales]

I do not really care because important passwords are in my password manager or has 2FA.
Browser handle the non-important passwords.