Brave stored my credit card number in Web Data file, prompts to auto-fill it

Description of the issue:

When checking-out at acurapartswarehouse.com, I clicked into the field to key in my credit card number. Unexpectedly, Brave presented two autofill choices: a full 16-digit card number and the card again in the form ***1234. I have previously declined to save credit cards when prompted and find none stored in Settings.

I found I could disable this autofill prompt by switching-off “save and fill addresses”.

I thought perhaps it was tied to just one saved address, so I deleted all of them and turned the “save and fill” on again. With no addresses listed, the credit card options still appeared.

I thought perhaps it was tied to a cookie for the site, so I removed all of them and the problem remains.

When I use the inspect option I see that the field tag contains:
name=“cardNumber”

When I search the Brave folder for my card number, I find it located in “Web Data” as cleartext prefixed with cardNumber.

How can this issue be reproduced?

This is a guess:

  1. Enter a credit card number into a field named cardNumber. Brave will store the entry in Web Data.
  2. Visit another site, such as acurapartswarehouse.com, and click into a field also named cardNumber.
  3. Brave should prompt to autofill the stored card number.

Expected result:

Brave should not store 16-digit numbers from fields with names such as cardNumber, CreditCard, etc, except through its explicit credit card storage option.

Brave Version( check About Brave):

1.29.81

Additional Information:

Not specifically a Brave issue, this is from Chromium. @billvo

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.