Google Chrome’s autofill is unsafe, may allow websites to steal credit card information


Autofill in Google Chrome, the feature that lets you save your information inside Chrome and automatically fill in online forms, is very convenient, but what if this convenience could send credit card information to web servers? It’s very possible, and this is something users should be aware of if they store such information within their Google Chrome web browser.

According to a Yoast report by Joost de Valk, a web developer could simply ask users to sign up for a newsletter, with all the usual sign-up fields on display. That same developer could also attach a separate field for credit card information, which autofill fills in along with the rest, and the user wouldn’t know because the field is hidden from sight.

A pretty clever trick if you ask us, one that could really come in handy if someone wants to swipe credit card information from unsuspecting users on the web.
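A page can be checked for this pattern before anything is submitted. The following is an added example, not code from the Yoast report or this article: it lists form fields that carry an autofill token but cannot be seen by the user. The token list, the hiding heuristics and the sample field descriptors are assumptions constructed for illustration.

```javascript
// Added example (not from the article): list form fields that carry an autofill
// token but cannot be seen by the user. Runs under Node on plain descriptors.
const AUTOFILL_TOKENS = new Set(["name", "email", "tel", "street-address",
  "postal-code", "cc-name", "cc-number", "cc-exp", "cc-exp-month", "cc-exp-year", "cc-csc"]);

// Why a field is invisible; an empty array means the user can see it.
function hiddenReasons(f, pageWidth) {
  const reasons = [];
  if (f.display === "none") reasons.push("display:none");
  if (f.visibility === "hidden") reasons.push("visibility:hidden");
  if (Number(f.opacity) === 0) reasons.push("opacity:0");
  if (f.width <= 1 || f.height <= 1) reasons.push("collapsed");
  if (f.right <= 0 || f.bottom <= 0 || f.left >= pageWidth) reasons.push("off-page");
  return reasons;
}

// One finding per invisible field whose autocomplete attribute names personal data.
function auditFields(fields, pageWidth) {
  const findings = [];
  for (const f of fields) {
    const tokens = String(f.autocomplete || "").toLowerCase().split(/\s+/)
      .filter(t => AUTOFILL_TOKENS.has(t));
    const reasons = hiddenReasons(f, pageWidth);
    if (tokens.length && reasons.length) findings.push({ name: f.name, tokens, reasons });
  }
  return findings;
}

// Browser only: build a descriptor from a live element (page coordinates).
// Opacity set on an ancestor is not inherited, so it is missed here.
function describe(el) {
  const cs = getComputedStyle(el), b = el.getBoundingClientRect();
  return { name: el.name, autocomplete: el.getAttribute("autocomplete"),
    display: cs.display, visibility: cs.visibility, opacity: cs.opacity,
    width: b.width, height: b.height, left: b.left + scrollX,
    right: b.right + scrollX, bottom: b.bottom + scrollY };
}
// In DevTools: auditFields([...document.forms[0].elements].map(describe),
//                          document.documentElement.scrollWidth)

// Constructed sample: a newsletter form with two fields the user never sees.
const visible = { display: "block", visibility: "visible", opacity: "1",
  width: 200, height: 30, left: 40, right: 240, bottom: 130 };
const SAMPLE = [
  { ...visible, name: "fullname", autocomplete: "name" },
  { ...visible, name: "email", autocomplete: "email" },
  { ...visible, name: "card", autocomplete: "cc-number", left: -5000, right: -4800 },
  { ...visible, name: "expiry", autocomplete: "cc-exp", width: 0, height: 0 },
];
console.log(auditFields(SAMPLE, 1280));
```

Fields without an `autocomplete` attribute are not examined here, although browsers can also infer a field's purpose from its name or label.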

Now, it’s not all that terrible to use autofill if you don’t store financial information with it, but if you use your credit card quite often online, you might want to think twice about having it on. Our advice to you? Turn that thing off and save yourself the trouble. Here’s how to do it, young Padawan.

Fire up your Chrome web browser, go to settings, click on the advanced tab, then uncheck autofill under Password and Forms. That’s it, you’re now safe from harm.

Moreover, if you really want to have your credit card information automatically appear in some text box on the Internet, you can try LastPass. It’s more secure than Google Chrome’s data and password management, and it also gives the user more control.

[via Yoast]



  1. Bub

    The Yoast article includes a sample form that shows you how this is done. With Chrome’s developer tools, you can reveal the hidden form fields and see how they are being populated, without even submitting the form to Yoast.

    I tried it out, and although my credit card information is stored in Chrome, I found that the form would not autopopulate the credit card fields, unless I actually used autocomplete on the cc-number, cc-exp-month, or cc-exp fields. And when you do that, Chrome pops up its dropdown with the credit card logo, so you know that it is happening.

    In short, I don’t think that it has been demonstrated that this technique can be used to steal credit card information without your knowledge. On the other hand, it is able to grab other information such as full name, physical address, and email address. Although the sample form didn’t include telephone, I was able to twiddle it to see that it could grab that as well.