Skip to Content
Chrome spellcheck privacy
© Thanapol Mongta |
Security & privacy

Use spell check in your browser? It could be leaking your passwords

Nobody wants to make a spelling error when typing an important email. Grammarly is a free tool that can help. Tap or click here to find out how to use this helpful tool. Google’s Chrome browser and Microsoft’s Edge also have spell checkers to ensure your writing is flawless.

But while they can be convenient, they pose a privacy risk. Security researchers discovered that some browser’s spell check tools send personally identifying information (PII) to Big Tech companies.

Read on to see how browsers could compromise your passwords and what you can do about it.

Here’s the backstory

Security researchers at otto-js made a discovery that might make you think twice about using enhanced spell check tools in Chrome and Edge. Here’s why.

With Google’s Enhanced spell check tool enabled, everything you type into any website is sent to Google for spell-checking. Depending on the form you’re filling out, that could include sensitive data like Social Security numbers, home addresses, banking information and more.

Here’s another frightening twist. If you click “Show password” while signing into an account, your password is also sent to Google to be spell checked. Yikes!

The good news is you can protect your privacy and stop having PII sent to these companies. That’s because Chrome’s Basic spell check doesn’t send this data to Google. You’d need to enable Enhanced spell check for Google to have everything you type sent to it.

With Microsoft, it’s not a built-in spell check that breaches your privacy. It’s a browser extension called Microsoft Editor: Spelling & Grammar Checker. So don’t add the extension to Edge, and you’ll be safe. If you’ve added it previously and want to protect your data, remove it ASAP. Keep reading and we’ll show you how.

What you can do about it

There are two ways to remove an extension from Microsoft Edge. Here’s how:

  • In Microsoft Edge, select and hold (or, right-click) the icon of the extension you want to remove (to the right of your browser address bar). Select Remove from Microsoft Edge > Remove.
  • Or, to the right of your browser address bar, select Extensions and select More actions next to the extension you want to remove. Then select Remove from Microsoft Edge > Remove.

For Google Chrome:

As we said earlier, Chrome’s Basic spell check tool seems to be OK regarding privacy. It’s the Chrome Enhanced spell check that you need to worry about. Fortunately, you had to have enabled the Enhanced spell check tool to be at risk.

Here’s how to see which version you’re using and disable the enhanced tool if it has been enabled.

  • Open Google Chrome on a computer.
  • Click the three-dot stacked menu button in the top right corner and click Settings.
  • Select Languages from the options on the left side of your screen.
  • Under the Spell check section, ensure the Basic option is selected. If you don’t want to use spell check at all, slide the toggle next to Check for spelling errors when you type text on web pages to the left to disable it.

This is what your screen will look like while changing the setting:

Notice under the Enhanced spell check setting, it tells you straight up that text you type in the browser is sent to Google. No thanks!

Keep reading

Sick of Google Chrome? 6 alternative browsers to try instead

Warning: Malicious browser extension targets Gmail and AOL users

Stop robocalls once and for all

Robocalls are not only annoying, but they scam Americans out of millions every year. Learn Kim's tricks for stopping them for good in this handy guide.

Get the eBook