Welcome to WebmasterWorld Guest from 54.161.155.6

Forum Moderators: incrediBILL & lawman

Browser Autocomplete Phishing for Chrome and Safari

     
5:26 pm on Jan 10, 2017 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
posts:23667
votes: 432


According to a demonstration by a Finnish web developer, Chrome and Safari have autofill capability to enter data into a web form. Phishers could hide the fields on the web form and fool the user into autofilling sensitive data, such as address, date-of-birth, etc.

Apparently LastPass also autofills hidden registration fields.
Users who type the start of their names will generate a prompt that when selected will throw an option to fill out their complete details. If clicked on a phishing site Kuosmanen describes, a user's sensitive information will be entered into boxes the user cannot see. Browser Autocomplete Phishing for Chrome and Safari [theregister.co.uk]

Mozilla says Firefox is not vulnerable as it does not autocomplete forms.
7:08 pm on Jan 10, 2017 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:7098
votes: 436


Ugly! Note: FF does remember form history if activated under Options/Privacy, but this is not an autocomplete function.
8:32 pm on Jan 10, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:7308
votes: 213


Best defense, use some strangers info in auto-complete forms. The downside is you may be waiting a long time for those packages to arrive.