In an otto-js through Bleeping Computer investigation, it is discovered that the passwords typed into the login section are sent to Google servers with the reveal password feature.
Google Chrome has many useful tricks to increase and ease our work, like spell check, and another feature is enhanced spell check. Google sends whatever is typed in the browser to the servers for grammar check and style algorithms.
With the worries of a data security breach, it is advisable not to enable it, and the investigation only reaffirms the above. However, given the situation, it may send the username and password to spell-checking servers during the logging-in process.
Many websites have the option to save the password for future use, and the reveal password feature makes it easy as you can see what you are typing. Unfortunately, chrome’s privacy does not apply here as it treats the password like a regular message that needs enhancement. Websites can apply “spellcheck=false” HTML quality to the field and prevent the password from being treated as a standard message. But according to otto-js and Bleeping Computer, many websites lack this HTML, including big social media platforms like FB.
Upon questioning, Google said that spell check happens only if opted, and users are warned that all the data typed in goes to servers. The company stated that the information is sensitive, so it does not attach user identity and is stored and processed only for a brief period. Google promised to improve the process by removing password processing
The investigation found that Microsoft Editor also has the same issue, as they rely on cloud-based processing to improve the spelling, grammar check, and style. In addition, both Google and Microsoft Word use the same service. So it will not be surprising that the passwords and other text are sent alongside the servers.
The investigation clarifies that you should not use enhanced spell checks on both platforms if you enter confidential information. Furthermore, even if both browsers offer efficient privacy, you should not hand over your matters to a third party with whom you do not have any control.
Using password managers, you are saved even when you use an enhanced Google spell checker or Microsoft Editor. However, you will need to understand that there are tools that sync your clipboard content across devices. When you use them, they are likely to appear in some servers where they were not expected.