Spell-check features in both Google Chrome and Microsoft Edge are reportedly responsible for leaking sensitive user information such as username, emails, and passwords to Google and Microsoft. Specifically, the data is harvested when consumers fill in forms on popular websites and cloud-based enterprise apps. The issue was identified by security firm Otto JavaScript Security. According to the company, the flaw could expose personally identifiable information from some widely used applications such as Amazon Web Services, Google Cloud, LastPass, and Office 365.

The issue is dubbed “spell-jacking” by security researchers and occurs when customers fill in forms on popular websites. The research was released via a blog post on September 16. Otto found the leakage while conducting research on how browsers can leak data in general. When Chrome’s Enhanced Spellcheck and Edge’s MS Editor are enabled on browsers, the leak can occur. The applications also leak user passwords if the show password feature is clicked when entering data into a site or device, according to Otto.

Read More: Spell-Checking in Google Chrome, Microsoft Edge Browsers Leaks Passwords