Autofill feature exposes users to security risks

If you are aware of Chrome Autofill feature, you can observe that Chrome’s autofill allows storing postal addresses (which contains information such as name, city, telephone, postal code, email address, etc. ) and credit card (which contains information such as cardholder name, number and expiration date). Now, every piece of this data (except credit card information) can be synchronized with a Google account without you even noticing the same. This potentially increases the risk of your information being leaked to 3rd party attackers if your Google account credentials are leaked. Information can leak through hidden fields Imagine another scenario of a site requesting you to enter your name and email address to complete a form. While the autofill feature will automatically fill out the information against the name and email address, you will safely assume that this is the only information that you shared based on the fields that you saw on the form. But here is the where a potential leak may have happened. The developer of a site can add hidden fields to a page, which is actually not “really hidden” from you but drawn outside the visible screen. Due to Autofill feature, your browser will automatically fill out fields which you can see and also the ones which cannot. So you always run the risk of getting your personal data shared without knowing though the hidden fields. Below is a simple demonstration of form fields hidden from the user in Google Chrome. It shows that while only Name and Email were asked in the form, the Autofill feature submitted more information such as Email, Phone, Address and more once the user clicked on the “Submit” tab.

How to avoid the risk One of the unfeasible approaches would be to analyze the source code of the web page before submitting anything. However, this is not possible practically and also involves technical know-how. Hence, the best approach would be to disable autofill feature permanently. Here is how you can disable autofill feature in Chrome.

How to disable autofill feature in Chrome

Step 1. Load Google Chrome browser in your PC Step 2. Click on the upper right side corner of your browser window to open “Settings” Step 3. Click on the “Advanced Setting” to scroll down to the “Passwords and forms” section Step 4. Remove the check mark from “Enable Autofill to fill out web forms in a single click” and “Offer to save your web passwords.”

Closing Comments While autofill feature is a tremendous time-saver, it is prone to data leaks and malware intrusions. It is highly recommended that you never let a browser take care of your passwords, no matter how safe they claim. Though browsers let you interact with Internet World, they also open your system up to a variety of vulnerabilities and attacks. The browser can be an entry point for an attacker into your PC, hence securing your browser should always be a priority. Here are eight tips to protect your browser. For details visit Github. A bug report has also been filed with Mozilla here.