Autofill is a browser feature that fills in saved form data, such as usernames, addresses, payment details, or passwords, when a page requests them. It improves usability by reducing typing and helping users log in faster, but it also forces sensitive data to be decrypted and handled by the browser at the moment of use.
That timing matters in cyber security. Even when credentials are encrypted on disk, they may become readable in process memory during autofill, creating an opportunity for local malware, memory-scraping tools, or other post-compromise access to steal them. Defenders try to narrow that exposure by delaying decryption until a field actually needs a value, adding device checks or reauthentication before autofill, and limiting how long secrets remain in memory. In practice, autofill is a convenience feature that must be designed as a secret-handling system, not just a form helper.
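The three defenses named above (decrypt only when a field needs a value, require a recent reauthentication, and keep plaintext in memory briefly) can be sketched as follows. This is an added example, not code from any browser or password manager; `AutofillVault`, `reauthenticate`, `fill`, the 30-second window, and the SHA-256 keystream standing in for a real AEAD cipher are all assumptions made so the sketch runs offline.

```python
import hashlib
import time
from contextlib import contextmanager

REAUTH_WINDOW_S = 30  # assumed policy: a user check older than this is stale

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytearray:
    """Stand-in cipher (SHA-256 in counter mode) so the example runs offline;
    a real vault would use an AEAD such as AES-GCM from a vetted library."""
    out = bytearray(len(data))
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        for j, b in enumerate(data[i:i + 32]):
            out[i + j] = b ^ block[j]
    return out

class AutofillVault:
    def __init__(self, key: bytes):
        self._key = key
        self._items = {}        # site -> (nonce, ciphertext); no plaintext is kept
        self._last_auth = None  # monotonic time of the last successful user check

    def save(self, site: str, nonce: bytes, secret: bytes) -> None:
        ciphertext = bytes(_keystream_xor(self._key, nonce, secret))
        self._items[site] = (nonce, ciphertext)

    def reauthenticate(self, now=None) -> None:
        # Hypothetical hook: call only after an OS prompt or biometric check passes.
        self._last_auth = time.monotonic() if now is None else now

    @contextmanager
    def fill(self, site: str, now=None):
        """Decrypt for one field, only after a recent reauthentication,
        and zero the plaintext buffer once the caller is done with it."""
        now = time.monotonic() if now is None else now
        if self._last_auth is None or now - self._last_auth > REAUTH_WINDOW_S:
            raise PermissionError("reauthentication required before autofill")
        nonce, ciphertext = self._items[site]
        plain = _keystream_xor(self._key, nonce, ciphertext)  # decrypted at moment of use
        try:
            yield plain  # mutable bytearray, so it can be overwritten afterwards
        finally:
            for i in range(len(plain)):
                plain[i] = 0  # wipe the buffer even if the caller raised
```

Only the yielded buffer is wiped: any copy the caller makes (for example `bytes(buf)` or a decoded string) stays in memory until the runtime reclaims it, which is why the window between decrypt and wipe should contain as little code as possible.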



