Autocomplete Feature Leaves Browsers Vulnerable
Mozilla and Internet Explorer are especially susceptible to an attack
Unfortunately, the proof of concept is easy to integrate into any web game placed in a simple HTML page. A game in which the user has to press the up and down arrows on the keyboard looks like a simple online app, but turns out to be a highly effective data stealer.
It can steal practically any information you have ever typed into a browser, including account names, search words and a lot more.
To fix this issue, vendors should “tie the information a site asks via autocomplete inputs to the site itself.” Since they have so far not checked the origin of the input tag, the web application remains vulnerable to a malicious script.
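The quoted fix, modelled as an added example that is not code from the article or from any browser: a form-history store keyed by field name alone, beside one keyed by origin plus field name. The class names, URLs and values are constructed for illustration.

```javascript
// Added illustration: toy models of a browser form-history store.
// Class names, URLs and values are constructed for this example.

// Behaviour the article describes: values are keyed by field name only,
// so the requesting page's origin never enters the lookup.
class GlobalFormHistory {
  constructor() { this.byField = new Map(); }
  remember(pageUrl, field, value) {
    if (!this.byField.has(field)) this.byField.set(field, new Set());
    this.byField.get(field).add(value);
  }
  suggest(pageUrl, field) {
    return [...(this.byField.get(field) || [])];
  }
}

// The quoted fix: every value is stored under (origin, field) and is
// offered back only to a page with the same scheme, host and port.
class OriginScopedFormHistory {
  constructor() { this.byKey = new Map(); }
  static key(pageUrl, field) {
    const origin = new URL(pageUrl).origin;
    // Opaque origins (data:, file:) serialise to "null": keep no history.
    return origin === "null" ? null : `${origin}\n${field}`;
  }
  remember(pageUrl, field, value) {
    const k = OriginScopedFormHistory.key(pageUrl, field);
    if (k === null) return;
    if (!this.byKey.has(k)) this.byKey.set(k, new Set());
    this.byKey.get(k).add(value);
  }
  suggest(pageUrl, field) {
    const k = OriginScopedFormHistory.key(pageUrl, field);
    return k === null ? [] : [...(this.byKey.get(k) || [])];
  }
}

// Same constructed history fed to both stores, then queried from a second site.
function compareStores() {
  const stores = { global: new GlobalFormHistory(), scoped: new OriginScopedFormHistory() };
  const out = {};
  for (const [name, s] of Object.entries(stores)) {
    s.remember("https://bank.example/login", "username", "alice");
    out[name] = {
      sameSite: s.suggest("https://bank.example/profile", "username"),
      otherSite: s.suggest("https://games.example/play", "username"),
      downgraded: s.suggest("http://bank.example/login", "username"),
    };
  }
  return out;
}
```

In the scoped store the value is still offered on another page of the site that collected it, while a different host or a different scheme on the same host receives nothing.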
Until vendors take a stand, users are advised to disable the autocomplete feature for forms from the browser's settings window.
Hopefully, now that the issue is again out in the open, Mozilla, Microsoft and all the others who feel their products are vulnerable to such an attack will take the necessary steps to fix the problem. In the meantime, make sure not to play any suspicious games that urge you to press the up and down keys.