Password Panic: Popular Managers Prone to Clickjacking Chaos!

Password manager plugins are facing a new threat called DOM-based extension clickjacking. This vulnerability can expose users’ credentials with a single click on an attacker-controlled site. While some vendors are working on fixes, users should disable auto-fill and adjust settings to prevent unintentional data theft. Stay safe, and watch where you click!

Hot Take:

Who knew that password managers, our trusty vaults of digital secrets, were moonlighting as unintentional security risk managers? Looks like the next password you need to remember is “clickjacked!” It’s time to put on your tin foil hats and practice safe browsing, folks. Password managers might have to start managing their own security issues before they can manage ours!

Key Points:

  • Password manager plugins for web browsers are vulnerable to DOM-based clickjacking.
  • The technique can potentially steal credentials, 2FA codes, and credit card details.
  • 11 popular password managers, including 1Password and LastPass, are affected.
  • Six vendors have yet to release fixes; users should disable auto-fill as a precaution.
  • Security firm Socket is collaborating to address the vulnerabilities.
