Web browsers have all kinds of built-in capabilities. One "feature" that is only a few years old is the ability to save information you might put into forms, such as your name and address, phone number and other contact info, and credit card information. Browsers can also save your user IDs and passwords for sites, then automatically fill in that info when you visit the site.
I've always said that security-minded people should not allow web browsers to save this kind of personal and security info. This is primarily because all browsers have a track record of having many vulnerabilities. I've always "said" this but, as it turns out, I've never written about it! It's about time! [Note... or so I thought! While looking for some other info, I found that I did talk about this issue back in 2013!]
There are two primary reasons why allowing the browser to save sensitive information is a bad idea:
- Copycat and phishing websites can grab information your browser has stored directly, without your knowledge. This is the problem that was recently announced.
- As I just mentioned, browsers have many vulnerabilities and exploits. At this year's Pwn2Own contest (a 2-day event at which teams compete to exploit software vulnerabilities for cash prizes), all of the major browsers fell victim!