Beware! Your browsers may be leaking passwords; delete spell check now

browser 1663828382554 1663828382806 1663828382806


Do you frequently use spell check extensions on your browser? It might be putting your passwords at risk. Here’s what you need to know.

For those of us who are constantly typing on our laptops, spell checking is an absolute must. Whether it is essays for college or important work emails, typographical errors, commonly known as typos are a disaster which could strike you even in the best of times. To counter this, most people simply install spell check extensions on their browsers which alerts them to errors and automatically corrects the mistakes. However, a recent report has revealed that spell check extensions might not be safe.

According to a report by JavaScript security firm otto-js, spell check extensions on the browser have been found sending back important and sensitive data to Microsoft and Google. Co-founder and CTO of otto-js Josh Summit recently discovered this leak while running a test run of his company’s script behaviour detection program. According to the blog published on otto-js website, whenever you enter any information in a form field on a website, the data is sent back to Microsoft and Google if the spell check feature is turned on. This means not only your personal information, but the login credentials you enter aren’t safe anymore.

Walter Hoehn, otto-js VP of Engineering said in the blog, “”One of the most interesting things about this type of exposure is that it’s caused by the unintended interaction between two features that are, in isolation, both beneficial to users. The enhanced spell checking features in Chrome and Edge offer a significant upgrade over the default dictionary-based methods.”

“Likewise, websites that provide the option of displaying passwords in cleartext are more usable, especially for those with disabilities. It’s when they are used together that the actual password exposure happens,” Josh Summit, CTO and founder of the firm said.

Do this immediately

However, there is a relief from this issue. Unless you have manually enabled the spell check feature on your browser, it is usually turned off, meaning you’re still safe from this leak. Furthermore, even if you have this feature enabled on your browser, you can turn it off by simply removing the extension. If you have enabled the native spell check feature present on Google Chrome or Microsoft Edge, you can turn it off from the settings.