Microsoft Editor in Edge Sending Personal Info to Microsoft Could Be Putting Users at Risk

Microsoft Editor in Edge and Enhanced Spellchecker in Chrome are sending personal information to Microsoft and Google respectively.


Cybersecurity researchers have found editing suites/spellcheckers such as Editor in Edge and Enhanced Spellchecker in send potentially personal identifiable information (PII) about users to and servers.

A team at the JavaScript firm otto-js were testing script detection when they found the unusual activity. Furthermore, if users access the “Show Password” option when entering their password, this information is also sent to the companies.

It seems anything put into a form when the spellcheckers are active will be sent. However, the researchers say Google only receives the information temporarily:

“The text typed by the user may be sensitive personal information and Google does not attach it to any user identity and only processes it on the server temporarily. To further ensure user , we will be working to exclude passwords proactively from spell check.”

It is worth noting that Enhanced Spellchecker in is off by default. Users must enable it if they want to use it. In Microsoft Edge, the suite is not available by default. Instead, users must install it to the browser.

In Chrome, Google tells users that “(t)ext that you type in the browser is sent to Google.” It is likely Microsoft has similar language around the Editor. However, the researchers warn this practice could open attack avenues for threat actors.

It is worth checking out the full research on the otto-js blog.

Microsoft Editor

If you're unfamiliar with Editor, it made its debut with the launch of Microsoft 365 Personal and Family early in 2020. Launched on Microsoft Word, the feature later become available on other Microsoft Office apps and .

The Editor feature is available for free. However, advanced grammar suggestions, writing refinement tips, and spell checking are limited to subscribers.

Tip of the day: With many reachable wireless access points popping up and disappearing again, the available networks list can become quite annoying. If needed you can use the allowed and blocked filter list of Windows to block certain WiFi networks or all unknown WiFi networks.