Your browser’s spell check feature could be giving away your passwords

Share

• Copy link
• Facebook
• X
• Whatsapp
• Reddit
• Pinterest
• Flipboard
• Email

Share this article

Join the conversation

Follow us

Add us as a preferred source on Google

Newsletter

Get the Tom's Guide Newsletter

Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!

Become a Member in Seconds

Unlock instant access to exclusive member features.

Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

---

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

You are now subscribed

Your newsletter sign-up was successful

---

Want to add more newsletters?

Daily (Mon-Sun)

Tom's Guide Daily

Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.

Signup +

Weekly on Thursday

Tom's AI Guide

Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!

Signup +

Weekly on Friday

Tom's iGuide

Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.

Signup +

Weekly on Monday

Tom's Streaming Guide

Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.

Signup +

---

Join the club

Get full access to premium articles, exclusive features and a growing list of member rewards.

Explore

---

An account already exists for this email address, please log in.

Subscribe to our newsletter

Typos in your emails and documents can make you look unprofessional, which is why many people depend on spell check. However, Enhanced spell check in Google Chrome and Microsoft Edge can send your personally identifiable information (PII) and sometimes even your passwords to either company.

As reported by BleepingComputer, both browsers ship with basic spell check features enabled. Those who want extra spell check functionality though can enable Enhanced spell check in Chrome’s settings or add the browser extension Microsoft Editor Spelling & Grammar Checker to Edge.

When using either tech giant’s browser, the data you input in forms is transmitted back to the company. Depending on which sites you visit, this form data may include your Social Security number, name, address, email, date of birth, contact information, bank and payment information or other sensitive personal data.

Enhanced spell check

Co-founder and CTO of the JavaScript security firm otto-js, Josh Summit recently discovered that personal information as well as passwords are sent back to Microsoft and Google when using Enhanced spell check or Microsoft Editor.

While testing his company’s script behavior detection, Summit found that “basically anything” entered into a site’s form fields is sent to either Google or Microsoft when using Chrome or Edge with this feature enabled.

To make matters worse, when a user clicks on “show password” on a site, enhanced spell check also sends their passwords back to the company whose browser they’re using. Show password can be really useful, especially when you think you’ve misspelled one of your passwords.

Summit provided further insight on his findings in a blog post, saying:

“Chrome's enhanced spellcheck & Edge's MS Editor are sending data you enter into form fields like username, email, DOB, SSN, basically anything in the fields, to sites you're logging into from either of those browsers when the features are enabled. Furthermore, if you click on "show password," the enhanced spellcheck even sends your password, essentially Spell-Jacking your data.”

How to turn off Enhanced spell check

If you’re concerned about your personal information or passwords falling into the wrong hands from using Enhanced spell check in your browser, you should first check to see whether or not the feature is enabled.

In Chrome, you can do this by clicking on the three dots menu in the upper right corner and opening Settings. With the browser’s settings menu open, just type spell check into the search box at the top. You’ll see a page like the one pictured below and if Enhanced spell check is enabled, just click on Basic spell check to disable it. 

Fortunately, you need to opt-in to using Enhanced spell check feature in Chrome according to a support document from Google. This means that unless you turned it on manually, the feature will be disabled by default.

Disabling Enhanced spell check in Edge is even easier since you need to install the Microsoft Editor add-on for the browser to use it in the first place. If you didn’t download and install this add-on, then there’s nothing for you to do. If you have though, you may one consider disabling it which you can do by clicking on the three dots menu and heading to Extensions.

Even if you’re one of the worst typists out there, the basic spell check feature built-in to both browsers should be more than enough to fix any errors you make while typing. Also, if you want to protect your passwords further, you may want to consider using one of the best password managers to create strong passwords for you and store them securely.