We often praise the autofill features of our web browsers for saving us from all the troubles of typing the details like email address, passwords, address, phone numbers, etc.
But, these features come along with some serious security risks too.
A web developer and hacker named Viljami Kuosmanen has found a flaw that’s affecting different browsers and plugins. According to his revelation, web browsers like Google Chrome, Apple Safari, and Opera, and plugins like LastPass can be exploited to leak sensitive personal information.
Browser autofill phishing in Chrome, Safari, and Opera
The phishing attack described by the hacker is very simple in application. When you fill your information in text boxes, autofill enters the profile-based information in form fields hidden from the user.
Mozilla’s Firefox is immune to this problem as it is yet to implement a multi-box autofill system, so, it can’t be tricked into filling text boxes.
Interestingly, this attack is triggered when users enter at least one information in some online form. To avert such attacks, the users are advised to disable the autofill function in their web browser.