A recently discovered security flaw in the Chrome and Safari browsers that could allow online scammers to secretly collect your information using hidden fields on a webpage.
Hacker Viljami Kuosmanen exposed the security risk in a recent Twitter post. He showed how scammers can put a simple form on a webpage and add secret fields, which are invisible to the user, to harvest data stored in the user’s autofill settings such as address, phone number, and credit card information.
This is why I don’t like autofill in web forms. #phishing #security #infosec pic.twitter.com/mVIZD2RpJ3
— Viljami Kuosmanen ⭐ (@anttiviljami) January 4, 2017
This security flaw is in Google Chrome and Safari has not been closed as of today, January 16, 2017.
Firefox is not vulnerable to this threat because Firefox requires any form that wants to collect data via autofill to be “clickable” by the user.
At DNA Computers, we recommend either using Firefox, or disabling auto-fill completely until this security flaw is fixed.
Here are instructions to disable auto-fill:
CHROME:
- Go to chrome://settings/
- Click on Show Advanced Settings
- Uncheck the auto-fill box
[thumbnail src=”http://getyourdna.com/wp-content/uploads/2017/01/dq3dy5tvpxzu8d3mizlk.png”]
SAFARI:
- Go to Safari > Preferences
- Go to the Autofill Tab and uncheck the options
[thumbnail src=”http://getyourdna.com/wp-content/uploads/2017/01/bpo9qwvedkknmgotmokj.png”]
IMPORTANT: Don’t forget to disable autofill on your cellphone / iPhone!
If you have any questions or would like us to assist you in disabling autofill, stop in for free assistance at the counter or give us a call. We are open Monday-Friday 8:30am-5:30pm and there is no appointment necessary.