Microsoft Proposes a User-Friendly Way to Prevent Chromium Autofill Hijacking

Microsoft is proposing OS-level authentication for Chromium autofill, which could increase security in its Edge browser in shared device scenarios.

Browser autofill can save an inordinate amount of time, but it can also be a real security concern. Users have noted their worry over the feature, which can let a local attacker with access to your browser sign into your account even if you previously logged out, and read the plaintext password. Now, the company has responded.

Microsoft considered requiring a master password before each autofill, but worried that this would lull users into a false sense of security and compound the issue. The main threat in this scenario comes from family members borrowing a device, and the company doesn't believe a single layer of protection is sufficient.

“Requiring entry of a master password prior to autofill has been proposed as a solution for this in the past,” said Microsoft's engineers. “There is ongoing debate around whether a master password feature that's not backed by either per-credential or complete credential store encryption lures users into a false sense of security because local attackers are generally outside of the browser threat model.”

Instead, it proposes a toggle for an ‘OS reauthentication hook’. This could take the form of an OS-level password, or use biometrics like Windows Hello face/fingerprint recognition. Importantly, Microsoft doesn't appear to be targeting its own OS only for this solution – it looks like it wants to support authentication across platforms.
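The following is an added illustration of the design sketched above; it is not Chromium, Edge or Microsoft code. It models a per-profile toggle, a pluggable OS-level verifier (the hook is a plain callable here, standing in for a Windows Hello or OS password prompt) and a short grace window so the user is not prompted on every single field. The names `AutofillGate`, `Credential` and `grace_seconds` are assumptions made for the example. Note what the gate does and does not do: it withholds the credential from the autofill path when reauthentication fails, but it does not encrypt the underlying store, which is exactly the limitation the engineers raise about local attackers.

```python
"""Added illustration (not Chromium/Microsoft code): an autofill path gated by an
OS reauthentication hook, with a toggle and a freshness window."""
import time
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Credential:
    origin: str
    username: str
    password: str  # plaintext once loaded from the browser's credential store


@dataclass
class AutofillGate:
    # Per-profile toggle, as in the proposal: when False, autofill behaves as today.
    reauth_enabled: bool
    # Hypothetical hook: returns True only when the OS confirmed the present user
    # (OS password or biometric). The real prompt would live in the platform layer.
    os_reauth: Callable[[], bool]
    # Grace window so a successful prompt covers several fields on one page.
    grace_seconds: float = 60.0
    # Injectable clock so the window can be tested without sleeping.
    clock: Callable[[], float] = time.monotonic
    _last_ok: Optional[float] = None
    denied: int = 0  # count of refused fills, useful for a local audit trail

    def _fresh(self) -> bool:
        """True while a previous successful reauthentication is still recent."""
        return self._last_ok is not None and (self.clock() - self._last_ok) < self.grace_seconds

    def fill(self, cred: Credential) -> Optional[Credential]:
        """Return the credential for autofill, or None when the user must not get it."""
        if not self.reauth_enabled:
            return cred
        if self._fresh():
            return cred
        if self.os_reauth():
            self._last_ok = self.clock()
            return cred
        self.denied += 1
        return None

    def lock(self) -> None:
        """Forget the grace window, e.g. when the OS session locks or the user switches."""
        self._last_ok = None


if __name__ == "__main__":
    # Constructed sample: the hook is replaced by a stub that always approves.
    gate = AutofillGate(reauth_enabled=True, os_reauth=lambda: True, grace_seconds=60.0)
    cred = Credential("https://example.test", "alice", "constructed-password")
    print(gate.fill(cred))  # approved by the stub, so the credential is returned
    gate.lock()
```

The grace window is a usability choice, not a security boundary: a real implementation should reset it whenever the OS session locks, and the toggle default and prompt wording are the user-agent UI decisions the explainer leaves open.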

“Whether, and if so how, user agents choose to UI around this reauthentication hook to ensure that their users can clearly understand the threat model and its limitations is beyond the scope of this explainer,” added the company.

This only really addresses issues with browser password managers in shared device scenarios, but the company is looking at improvements in other areas.