[ad_1]
Autofill on the Chrome browser is handy, but there are security holes, Google says.
The tech giant said this week that the next version of the Chrome browser, coming in October, will attempt to prevent users from filling out forms on secure pages submitted in an insecure manner.
The issue to be addressed is with seemingly secure HTTPS websites (web pages starting with “https” and showing a closed lock icon to the left of the website address). Sometimes these sites can contain insecure forms and ask a user to fill in sensitive personal and financial data.
Amazonian alexa had serious breaches of confidentiality, say researchers
“These ‘mixed forms’… represent a risk to user security and privacy,” Google said, adding that “information submitted on these forms may be visible to prying spies, allowing malicious parties to read or modify sensitive form data. “
Users, for example, get a warning about autofill, a widely used Chrome feature that automatically fills out forms with a registered address or payment information.
If you start filling out a mixed form, you will see a warning warning you that the form is not secure and autofill has been disabled. If you continue anyway, you will see a “full page warning” about the risk confirming that you still want to submit the form.
Prior to version 86, the only warning from users was to remove the lock icon from the address bar, Google said.
SURGING ONLINE FRAUD: FIVE FACTS YOU LIKELY DON’T KNOW
“We found that users found this experience unclear and that it did not effectively communicate the risks associated with submitting data in unsecured forms,” according to Google.
“Without this new feature, a user would have no idea that they are allowing themselves to have their potentially sensitive information stolen by malicious actors,” said Ray Kelly, senior security engineer at WhiteHat Security, a service provider based. in San Jose, California. application security, told Fox News.
Google did note, however, that while autofill is disabled, on mixed forms with login and password prompts, Chrome’s password manager will continue to work to help users enter passwords. unique.
“It is safer to use unique passwords, even on forms submitted insecurely, than to reuse passwords,” Google added. Reusing passwords across different websites is a big no-no that Google has already warned about.
Making forms more secure is part of Google’s efforts to strengthen the security of sensitive data. The company announced in late July that users can now confirm their credit cards with biometrics.
Currently, if a user registers their credit cards in their Google account, Chrome asks the user to confirm their credit card by entering their CVC before the full credit card number is auto-filled in a form.
“In the future, Chrome will allow you to register your device to retrieve card numbers through biometric authentication, such as your fingerprint,” Google said in July.
Users should always provide your CVC the first time they use their credit card. Then users can confirm their credit card using biometric authentication – avoiding the hassle of pulling out a wallet and typing CVC every time.
Biometric authentication is optional and users can turn this feature on and off in Chrome settings.
CLICK HERE TO GET THE FOX NEWS APP
[ad_2]
Source link