2022-07-18

Cross-Site Scripting (XSS) is a very well-known vulnerability. It has been around for a long time and can be used to steal sessions, create fake logins, carry out actions as someone else, and more. Most people are unaware of the dangers associated with their browser's credential autofill feature: the passwords your browser autofills can be stolen via XSS, so don't let that happen.

‘Autofill Passwords Feature’ Could Expose Your Credentials

Browsers have added a feature commonly called "autofill". It eases the login process for web applications by automatically filling in your saved credentials for that particular web application. This feature is enabled by default on the most commonly used browsers, such as Firefox, Chrome, Edge, Opera, and Internet Explorer. The bad part is that sometimes it can't be disabled at all: for example, browsers based on Chromium, like Chrome and Edge, offer no option to turn off credential autofill. All you can do to prevent autofill on those browsers is to not save your credentials at all.

What needs to be taken seriously is preventing an XSS attack. So how does the theft happen? Whenever your browser finds an input tag of type "password", it automatically fills it with the saved password. An XSS payload can simply add a password field somewhere in the body of the page, wait for the browser to autofill it, and then read the value in the field and send it to a remote server.

The basic purpose of this post is to give more visibility to this attack vector and help people understand the impact of using the autofill feature, which is enabled by default on most browsers. So, if you want to prevent such attacks, either don't use this feature or don't save your passwords. Stop using browsers to save sensitive passwords for sites that involve credit cards or financial transactions, including banking and shopping sites.
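As an added example that is not part of the original post, the following script shows the defender's side of the vector described above: it watches for password inputs injected into the DOM after page load, discards and removes any that sit outside the application's own forms, and reports the event. The form ids in ALLOWED_FORM_IDS and the REPORT_URL endpoint are assumptions, not values from the post.

```javascript
// Added example (not from the original post): defender-side monitor for the
// vector above, a password input injected into the DOM after load. The checks
// are pure functions so they run outside a browser; the MutationObserver wiring
// only runs where the DOM API exists. ALLOWED_FORM_IDS and REPORT_URL are assumed.
const ALLOWED_FORM_IDS = new Set(["login-form", "change-password-form"]);
const REPORT_URL = "/security/dom-alert"; // assumed reporting endpoint

// Suspicious: a password input outside any form, or inside a form the app did
// not ship. Works on an HTMLInputElement or a plain {type, form} object.
function isSuspiciousPasswordInput(input, allowedFormIds = ALLOWED_FORM_IDS) {
  if (String(input.type).toLowerCase() !== "password") return false;
  const formId = input.form && input.form.id ? input.form.id : null;
  return formId === null || !allowedFormIds.has(formId);
}

// Walk a subtree (a DOM element or a plain {tagName, type, form, children}
// tree) and return every suspicious password input found in it.
function findSuspiciousPasswordInputs(root, allowedFormIds = ALLOWED_FORM_IDS) {
  const hits = [];
  const stack = [root];
  while (stack.length) {
    const node = stack.pop();
    if (!node || typeof node !== "object") continue;
    if (String(node.tagName).toUpperCase() === "INPUT" &&
        isSuspiciousPasswordInput(node, allowedFormIds)) {
      hits.push(node);
    }
    for (const child of node.children || []) stack.push(child);
  }
  return hits;
}

// Browser wiring: for each batch of added nodes, clear and remove unexpected
// password fields before the autofilled value can be read, then report.
function installPasswordInputMonitor(doc = typeof document !== "undefined" ? document : null) {
  if (!doc || typeof MutationObserver === "undefined") return null;
  const observer = new MutationObserver((records) => {
    for (const rec of records) {
      for (const added of rec.addedNodes) {
        for (const input of findSuspiciousPasswordInputs(added)) {
          const formId = input.form ? input.form.id : null; // read before removal
          input.value = "";
          input.remove();
          navigator.sendBeacon(REPORT_URL, JSON.stringify({ kind: "unexpected-password-input", formId }));
        }
      }
    }
  });
  observer.observe(doc.documentElement, { childList: true, subtree: true });
  return observer;
}
```

The observer runs in the same page as any injected script, which could disconnect it, so treat this as detection telemetry that complements the advice above rather than replacing it.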

