Skip to Content
Online shopping

Top Story: Autofill browser feature gives thieves your private information

Browsing online can sometimes feel like navigating a minefield. It’s filled with hidden traps, foxholes, and other hidden dangers that can hurt you when you least expect it.

These days, nothing seems safe online – there’s always an enterprising hacker poking holes on every would-be stalwart system out there. For either black hat or white hat reasons, a vulnerability is always waiting to be discovered.

And who knew even one of the conveniences of modern browsers can be exploited to do more harm than good?

I’m talking about a browser’s Autofill feature – that time-saving convenience that automatically populates a website’s fillable forms with your saved data, including your name, address, email and credit card information.

As Finnish security researcher Viljami Kuosmanen discovered, a thieving phisher can steal this Autofill personal data by using hidden fields on a webpage. The worst part is, you won’t suspect a thing.

In his proof-of-concept example posted on Github, he demonstrated how Chrome, which can auto-fill data by default, can be used to extract user information, including credit card numbers, expiration dates, and security codes by merely embedding hidden fields, which are then automatically filled by the browser.



Credit: Viljami Kuosmanen ‏@anttiviljami

Additional browsers aside from Google Chrome are likewise exploitable, including Apple’s Safari and Opera.

However, Mozilla security researcher Daniel Veditz tweeted that Firefox is immune from the bug since this browser won’t auto-fill fields that can’t be clicked by the user.

How to turn off Autofill

It looks like unless the said affected browsers are patched, the only fix for now is to turn off the Autofill feature.

To turn it off in Chrome, click the three vertical dots on the upper-right corner of your browser, select Settings, scroll down and click on “Show Advanced Settings” then uncheck “Enable Autofill to fill out web forms in a single click.” Additionally, you can edit what information is being auto-filled by clicking “Manage Autofill settings.”

If you’re using Safari on a Mac, with the browser open, click on Safari on the menu bar, then click on Preferences and go to the Autofill section. Here you can select and uncheck the Autofill data that Safari uses.

Although Firefox is reported to be safe against the bug, if you still want to edit your Autofill settings on this browser, click on the three horizontal stripes on the upper-right corner, select Options, go to Privacy, click on the “Firefox will:” drop-down box on the History section (it is set to “Remember history” by default) and select “Use custom settings for history.” To prevent Firefox from storing autocomplete form data, uncheck “Remember search and form history.”

More must-read stories:

Using these passwords makes you a prime target for hackers

Even tech-savvy Gmail users are getting fooled by this phishing scam

You must delete your personal information from this scary site now! App background

Check out the free App!

Get the latest tech updates and breaking news on the go, straight to your phone, with the App, available in the Apple Store and Google Play Store.

Download Now