Google Chrome Autofill Abuse - Obtain private information

This page demonstrates how malicious websites may obtain a Chrome user's private information including their name (aliases), addresses, telephone numbers, place of work, etc. by simply abusing Google Chrome's AutoFill functionality.

Mrs. Mr.


Optained private information

These fields are not visible to the user, but are populated by Chrome's Autofill-Function without notification.








//Update 1: thanks to Martin, who just wrote a quick extension for Chrome to keep track of populated form fields! » Chrome Extension

//Update 2: Demo Video on Youtube

//Update 3: current discussion on Hacker News

//Update 4: the latest Safari Browser has a Quick Fix similar like the mentioned Chrome Extension.