Using many different usernames and passwords across sites has become common practice online, so people increasingly rely on password managers and browser autofill, which saves personal information and fills it in automatically to avoid repetitive typing, in order to log in.
The discovered flaw affects the autofill function on browsers including Google's Chrome and Apple's Safari. It also affects some plugins and add-ons, including the LastPass password manager, according to The Telegraph.
Viljami Kuosmanen, a security researcher, has discovered that autofill will also paste information into hidden text boxes, allowing scammers to steal information without users knowing. This could include name, personally identifying information, email address, phone number and addresses.
To show how it works, Kuosmanen created a website that asks for a user's name and email address but contains hidden boxes that are automatically filled with address, organisation and phone number. The attack only works if users select one of the autofill suggestions, meaning the best method of protection is to avoid clicking on these until a fix has been released. Disabling autofill is also a possibility, as is managing security settings. For example, Chrome users can deselect "Enable Autofill to fill out web forms in a single click" in Settings -> Advanced.
The flaw doesn't affect Mozilla's Firefox browser, which autofills each field individually, the online publication added.
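A defender reviewing a page can check for the pattern described above: form fields a browser would autofill but that the user cannot see. The following is an added example, not code from Kuosmanen or the article; the sample form, the field names and the list of hiding styles are constructed assumptions, and only inline styles and the `hidden` attribute are inspected.

```python
import re
from html.parser import HTMLParser

# Inline-style hiding tricks (heuristic; stylesheet rules need a real renderer).
HIDING_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(?![.\d])"
    r"|(?:left|top)\s*:\s*-\d{3,}", re.I)
# Input types a browser does not populate from the autofill profile.
NON_FILLABLE = {"hidden", "submit", "button", "reset", "checkbox", "radio", "file", "image"}
FIELD_TAGS = {"input", "select", "textarea"}
VOID_TAGS = {"input", "br", "img", "hr", "meta", "link"}  # never stay open

class HiddenFieldAuditor(HTMLParser):
    """Records fillable fields that are hidden directly or by an ancestor."""
    def __init__(self):
        super().__init__()
        self.open_tags = []   # (tag, hides_content) for each open element
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = "hidden" in a or bool(HIDING_STYLE.search(a.get("style") or ""))
        if tag in FIELD_TAGS and (a.get("type") or "text").lower() not in NON_FILLABLE:
            if hidden or any(h for _, h in self.open_tags):
                self.findings.append(a.get("autocomplete") or a.get("name") or "?")
        if tag not in VOID_TAGS:
            self.open_tags.append((tag, hidden))

    def handle_endtag(self, tag):
        for i in range(len(self.open_tags) - 1, -1, -1):
            if self.open_tags[i][0] == tag:
                del self.open_tags[i:]   # also drops unclosed children
                break

def audit(html):
    """Return the autocomplete token (or name) of each hidden fillable field."""
    auditor = HiddenFieldAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample: visible name and email, three fields hidden off-screen.
SAMPLE = """<form>
  <input name="name" autocomplete="name">
  <input name="email" autocomplete="email">
  <p style="margin-left:-500px">
    <input name="phone" autocomplete="tel">
    <input name="organization" autocomplete="organization">
    <textarea name="address" autocomplete="street-address"></textarea>
  </p>
  <input type="hidden" name="csrf" value="constructed">
</form>"""
```

`audit(SAMPLE)` reports the phone, organisation and address fields while ignoring the visible inputs and the `type="hidden"` token, which browsers do not autofill.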