Beware, advanced spell check in Chrome and Edge saves everything you type
Improved spell checking in Chrome and Edge lets you leak your passwords. It’s best to turn them off altogether.
Google Chrome and Microsoft Edge have advanced spelling tools: but if these tools are advanced (do more than just spell checking), all grammar and sentence processing is done on their servers. According to Otto’s research, these services relay everything you enter in plain text to the Google and Microsoft servers, including your passwords, when you click the “Show Password”button.
Improved spell checker in Chrome and Edge reveals your passwords
So yes, we are talking about Google and Microsoft here. These are large companies that take privacy seriously and have no interest in having your Dropbox account hacked. However, this is still bad for your privacy. According to the same Otto report, password managers like LastPass have already released fixes, but that doesn’t fix the browser issue itself.
Thankfully, these features aren’t enabled by default, so if you’re using your browser as is, you should be safe. However, if you are using Chrome’s Advanced Spell Checker feature or the Microsoft Editor in Edge, disable them immediately.
It’s best to turn them off altogether.
In Chrome, enter the following URL in the address bar: “chrome://settings/?search=corrector”. Then choose “Basic Spell Check”instead of “Advanced Spell Check”.
In Microsoft Edge, Microsoft Editor works as an extension. Click on the extension icon in the toolbar and go to the “Manage Extensions”section. Find the “Microsoft Writer”extension and click “Uninstall”. In the confirmation window, click “Delete”again.
Until Microsoft and Google update their products to address this issue, we recommend that you do not use these spelling and grammar checkers. If you really need this kind of help, your best bet is to go for specialized editors like Grammarly or Hemmingway Editor.
Leave a Reply