Chrome's and MS's cloud-powered spell-checking features could exfiltrate passwords and sensitive data?

[barbaz]

https://www.bleepingcomputer.com/news/s ... pellcheck/

At least it sounds like these features are disabled by default. Checking in Chromium, it does not seem to have this feature at all.

[therube]

Big deal. That's only for purposes of "telemetry", & for our benefit, of course. :evilgrin:

Now, is this "simply" a function of needing to send data "to the cloud" for the wanted functions to work? (Instead of having the spell check/translate features available, locally.)

(And even though Google/MS end up with this data, I'm sure they simply perform the wanted functions on it, return that to you, & discard it immediately thereafter.)

You would think (not that I know), that "field data" could be excluded, & only page content sent?

And I'm sure there is a great big disclaimer warning users of this situation .

(In each browser, the user needs to actually enable the setting [Chrome] or extension [Edge]. [Though I'm sure, on doing so, the end user is none the wiser.])

https://privacy.microsoft.com/en-us/privacystatement (there, I feel better now)

[therube]

Somewhat related, Google Chrome may be getting a new security layer for autofill passwords.