1. Home
  2. Forums Index
  3. Local / Foo 8:19 pm May 5, 2026

Forum Moderators: open

Message Too Old, No Replies

Browser Autocomplete Phishing for Chrome and Safari

         

engine

5:26 pm on Jan 10, 2017 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



According to a demonstration by a Finnish web developer, Chrome and Safari have autofill capability to enter data into a web form. Phishers could hide the fields on the web form and fool the user into autofilling sensitive data, such as address, date-of-birth, etc.

Apparently LastPass also autofills hidden registration fields.
Users who type the start of their names will generate a prompt that when selected will throw an option to fill out their complete details. If clicked on a phishing site Kuosmanen describes, a user's sensitive information will be entered into boxes the user cannot see. Browser Autocomplete Phishing for Chrome and Safari [theregister.co.uk]

Mozilla says Firefox is not vulnerable as it does not autocomplete forms.

tangor

7:08 pm on Jan 10, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Ugly! Note: FF does remember form history if activated under Options/Privacy, but this is not an autocomplete function.

keyplyr

8:32 pm on Jan 10, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Best defense, use some strangers info in auto-complete forms. The downside is you may be waiting a long time for those packages to arrive.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Local / Foo 8:19 pm May 5, 2026