Autofill on browsers are convenient. You input things once and then you’re all set every time. But the price you pay for that convenience could be that you’re giving away important personal data—like your credit card information. Viljami Kuosmanen, a hacker at Futurice, shared on Github and Twitter a simple exploit that makes it easy for malicious websites to rip you off based on the information you allowed to be saved as autofill on both Chrome and Safari.
Browsers will determine what type of information the site is looking for and then it’ll keep the rest. But hackers have a way to obscure certain text boxes and users wouldn’t even notice they’re being autofilled, especially when what’s being filled out is sensitive personal data (e.g. credit card info). A quick way to avoid this is to disable autofill on both browsers, you can head to chrome://settings and find it under Show Advanced Settings tab on Chrome or heading to Preferences on Safari and unchecking the boxes in the Autofill tab.
This is why I don't like autofill in web forms. #phishing #security #infosec pic.twitter.com/mVIZD2RpJ3
— Viljami Kuosmanen ⭐ (@anttiviljami) January 4, 2017
Source: Gizmodo