Skip to main content
Best answer by 1P_SimonH

[Note that I'm marking this as a Solution just to make it more visible]

Hi all,

Thanks for all the questions and the thoughtful discussion. We wanted to provide a bit more context about the research and what it means for 1Password users.

A researcher identified a variation of a clickjacking attack, where a malicious website can trick someone into unknowingly triggering the autofill action in a browser extension. They reported the issue through our bug bounty program and worked with us ahead of their DEF CON presentation.

Clickjacking is not unique to the 1Password browser extension. It is a long-standing web attack technique that affects websites and browser extensions broadly. The underlying issue lies in the way browsers render webpages. After conducting a thorough review, including prototyping potential mitigations, we concluded there’s no comprehensive technical fix that browser extensions can deliver on their own.

Your information in 1Password remains encrypted and protected. Clickjacking does not expose your 1Password data or export your vault contents, and no website can directly access your information without interaction with the browser extension’s autofill element. At most, a malicious or compromised webpage could trick you into autofilling one matching item per click, not everything in your account.

We take this and all security concerns seriously, and our approach to this particular risk is to focus on giving customers more control. 1Password already requires confirmation before autofilling payment information, and in our next release, which is already shipped and undergoing review from the browser extension stores, we’re extending that protection so users can choose to enable confirmation alerts for other types of data. This helps users stay informed when autofill is happening and in control of their data.

On the question of disabling autofill: while it might feel safer, it can actually create more risk. Without autofill, people are more likely to reuse weak passwords or copy and paste credentials into websites, where they can still be stolen if the site is malicious. Autofill also protects you against phishing sites by only working on the exact domains your credentials are saved for. In practice, for the majority of users, we believe the risk of disabling autofill is greater than the risk of clickjacking.

Passkeys are not impacted by clickjacking. Passkeys are tied to the website they’re created on and generate a one-time signature during login. That means no reusable secret is ever exposed, and even if someone tried clickjacking, there’s nothing permanent to steal.

You can learn more in our security advisory.

13 replies

August 20, 2025

Other details and demo:

  • https://marektoth.com/blog/dom-based-extension-clickjacking/
  • https://socket.dev/blog/password-manager-clickjacking/
  • https://websecurity.dev/password-managers/dom-based-extension-clickjacking/
chrisrosa
August 20, 2025

Where are we on this? I see there was a https://support.1password.com/browser-autofill-security/ yesterday, but are there any steps being taken to mitigate this vector in future updates? If so, when can we expect them?

1P_SimonH
Community Manager
August 22, 2025

Hi @chrisrosa,

We've released a security advisory that we'll keep updated with any new developments.

We've also released version 8.11.7.2 (or 8.11.7 for Safari) of the 1Password browser extension, which gives users and businesses the option of turning on confirmation popups for sensitive data autofill. This approach reduces the likelihood of harm resulting from this particular class of attack and make sure they are clearly informed when autofill is happening, remaining in control of their user information. This version is now available for Edge, Chrome, and Safari and is awaiting approval from Firefox.

We chose this approach because we identified that many technical controls to detect and prevent clickjacking attacks come with limitations and can often be bypassed or break expected behavior for legitimate sites, as they don’t address the broader class of attack. 
I hope this helps. Please let us know if you have additional questions!

August 20, 2025

It's probably not that a big issue to fix ASAP, but would be nice to have a confirmation dialog prior to filling PII. At least give us an option to have it for those who are concerned.

Also that message for filling in the card info, why it's so generic? Why not make it obvious that you are requesting confirmation to fill in the credit card info on that website?

1P_SimonH
Community Manager
August 22, 2025

Hi Former Member​ ,

You’ll be happy to hear that we’ve released version 8.11.7.2 (or 8.11.7 for Safari) of the 1Password browser extension, which gives users and businesses the option of turning on confirmation popups for sensitive data autofill, including PII. This version is now available for Edge, Chrome, and Safari and is awaiting approval from Firefox.

1P_SimonH
1P_SimonHAnswer
Community Manager
August 20, 2025

[Note that I'm marking this as a Solution just to make it more visible]

Hi all,

Thanks for all the questions and the thoughtful discussion. We wanted to provide a bit more context about the research and what it means for 1Password users.

A researcher identified a variation of a clickjacking attack, where a malicious website can trick someone into unknowingly triggering the autofill action in a browser extension. They reported the issue through our bug bounty program and worked with us ahead of their DEF CON presentation.

Clickjacking is not unique to the 1Password browser extension. It is a long-standing web attack technique that affects websites and browser extensions broadly. The underlying issue lies in the way browsers render webpages. After conducting a thorough review, including prototyping potential mitigations, we concluded there’s no comprehensive technical fix that browser extensions can deliver on their own.

Your information in 1Password remains encrypted and protected. Clickjacking does not expose your 1Password data or export your vault contents, and no website can directly access your information without interaction with the browser extension’s autofill element. At most, a malicious or compromised webpage could trick you into autofilling one matching item per click, not everything in your account.

We take this and all security concerns seriously, and our approach to this particular risk is to focus on giving customers more control. 1Password already requires confirmation before autofilling payment information, and in our next release, which is already shipped and undergoing review from the browser extension stores, we’re extending that protection so users can choose to enable confirmation alerts for other types of data. This helps users stay informed when autofill is happening and in control of their data.

On the question of disabling autofill: while it might feel safer, it can actually create more risk. Without autofill, people are more likely to reuse weak passwords or copy and paste credentials into websites, where they can still be stolen if the site is malicious. Autofill also protects you against phishing sites by only working on the exact domains your credentials are saved for. In practice, for the majority of users, we believe the risk of disabling autofill is greater than the risk of clickjacking.

Passkeys are not impacted by clickjacking. Passkeys are tied to the website they’re created on and generate a one-time signature during login. That means no reusable secret is ever exposed, and even if someone tried clickjacking, there’s nothing permanent to steal.

You can learn more in our security advisory.

accordionmelody
August 20, 2025

Thank you. What I am wondering, however, is that it seems there may be a possibility to fix the reported issues. NordPass, Proton Pass, RoboForm, Keeper, and Dashlane have reportedly already addressed them, and according to Socket, Bitwarden, Enpass, and iCloud Passwords are all actively working on fixes. Could you elaborate on why 1Password cannot fix the demonstrated issues?  


https://socket.dev/blog/password-manager-clickjacking

1P_SimonH
Community Manager
August 22, 2025

Hi @accordionmelody,

We conducted a thorough review, including prototyping potential mitigations and investigating the solutions other password managers put in place. Through this review, we identified that many technical controls to detect and prevent clickjacking attacks come with limitations and can often be bypassed or break expected behavior for legitimate sites, as they don’t address the broader class of attack.

Our approach is to address this risk through confirmation prompts for sensitive data, autofill restricted to the exact sites to which your data belongs, and greater user control. These safeguards are already in place for credit card information, login/TOTP, and passkeys, and are extended to personally identifiable items in the next release (8.11.7.2 or 8.11.7 for Safari). That means users and businesses will have the option of turning on confirmation popups for sensitive data autofill. This approach reduces the likelihood of harm resulting from this particular class of attack and ensures they are clearly informed when autofill is happening, remaining in control of their user information.

DenalB
August 21, 2025

Thank you, @1P_SimonH , for the explanation.

But, as shown in the next video, there is no data, I actively fill in on a website. I just solve a puzzle and in the background all my items in my 1Password vault are shared with the hacker.

https://marektoth.com/video/dom-extension-clickjacking-demo2.mp4

The video shows what could happen, and this should be fixed immediately.

Don't get me wrong, it's also good to have the possibility to enable a confirmation, before autofill.

August 22, 2025

The video you linked is an example of an older iFrame-based vulnerability and, more importantly, does not apply to 1Password. You can see the same video you referenced in the researcher's paper at:

https://marektoth.com/blog/dom-based-extension-clickjacking/#iframe-based

There, the researcher says:

In this research focused on password managers, one of them had this issue.

In December 2023, I reported this clickjacking vulnerability in the NordPass password manager.

Above that quote, the researcher also stated that he was explaining the iFrame-based vulnerability only as background. It was not the subject of the current research:

I will first describe the IFRAME-based variant, which was not the research focus but may be unknown to many people.

Concerning how 1Password is vulnerable to clickjacking, @1P_SimonH said:

At most, a malicious or compromised webpage could trick you into autofilling one matching item per click, not everything in your account.

The researcher's conclusion agrees with that:

1 click = attacker gets your credentials incl. TOTP (only for vulnerable domain)

DenalB
August 28, 2025

Thanks for mentioning that! It wasn't clear to me. Now it is. Thanks. 🙏

August 21, 2025

It's good to see the fast traction with response to the https://marektoth.com/blog/dom-based-extension-clickjacking/.

I’m a long-time customer who trusts 1Password for my company, myself and my direct and extended family.

While I can dig deep in this forum and discover what settings I need to enable to stay safe, I can’t stand behind my team and extended family's shoulder to ensure they are protected and all the right settings are enabled.

 In light of this discovery, I would not only appreciate product updates, but also see 1password push distinct information campaigns and clear guidance to help non-experts stay safe.

1) Proactive In-App customer education (now)
Instead of just sending promotional emails from info@, get in front of user's eyes with best practices: In response of the spotlight on clickjacking vulnerability that has reached millions, be quick with an email + in-app banner/notification that links to a short, plain-language guide on what this is about and how to protect yourself.
Include the exact settings to reduce risk (with screenshots) for users concerned about this issue. 
When release new settings, make sure they are released as DEFAULTS not something the customer needs to learn about:
I understand 1password is built around convenience but convenience is an IDEAL, security is a MUST.

Best practices could highlight:

  • New Settings: Recommend to keep payment confirmations on; enable confirmations for all item types when the update lands. I had to dig to find this in the first place, just to see that these settings came DISabled.
  • Set critical Logins to fill on the exact site they were saved for.
  • Use a short auto-lock time for the extension.
  • Be comprehensive (consider all device types, OS / mobile apps)
  • (...)

2) Product hardening (upcoming releases)
I don't agree with Jacob's statement that all this can just be rolled off to user behavior and the way browser extensions are architected. Clickjacking is deception technique that may be able to be detected with some level of accuracy.

  • Add occlusion/overlay detection and refuse to fill when the page is dimmed, overlaid, or visually altered (popover/top-layer present, opacity/filters on html/body, etc.).
  • Move all sensitive fills (PII, TOTP, passkeys) to an out-of-page, trusted UI (same model used for payment confirmations), so page DOM tricks can’t hide prompts
  • Change defaults to exact-host matching; broader scopes must be explicit. (again be conservative)
  • Make prompts item-specific and contextual (“Fill Visa ••••4242 on checkout.example.com?”), never generic.
  • Provide enterprise policies to family accounts: e.g. allow me to enforce exact-host matching, require confirmations for all fills, disable PII/credit-card autofill, shorten auto-lock, and support a first-class “on-click” injection mode.
  • I'm sure your team has more ideas.


Even if there’s no single, comprehensive browser-level fix, layered defenses and safer defaults materially will reduce real-world risk—especially for non-technical users who rely on 1Passwords security.

I have been and want to keep recommending 1Password to other companies and family members.  It may be a mission shift but I would hope 1password sees it's responsibility to not only ship a secure product - but to provide the most secure experience end-to-end, closing gaps from product to the user - with the appropriate education at the appropriate time. 

If users would get this served to them by default, in bite-size in-app messages (without having to dig up their own research), It would make me sleep a lot better.

Thanks for engaging here and for the work already underway...

1P_Blake
Community Manager
August 28, 2025

Thanks for taking the time to write such a detailed comment @bhx! It’s clear you’ve really thought about both the technical side of this and the practical impact for people who may not be security experts. We share that focus, and your points around defaults, education, and layered defenses are very much in line with the kinds of conversations our teams are having internally.

On the product-hardening side, the research being discussed reviewed a wide range of technical implementations, many of which don’t apply to the 1Password browser extension. Our extension is already built with multiple layers of protection. It prevents other scripts from manipulating the extension interface and enforces strict origin-matching rules that stop unintended iframe autofill and common web-based attacks like many types of XSS.

Because the attack scenario assumes a fully malicious website with complete control over its own scripting and UI, there are limits to what additional preventative measures can achieve. For example, current browser behavior allows Popover APIs to be layered on top of each other, reducing the effectiveness of some proposed alternatives.

To address this risk, we’ve taken a product- and user-focused approach: a confirmation alert makes it clear when autofill occurs. This prompt is especially important for credit card and identity items, which can be autofilled on any webpage or domain. It’s important to note that login items already benefit from extensive safeguards, as they only autofill on domains that match the site saved in 1Password.

We remain committed to strengthening the extension, while also ensuring our protections are practical, reliable, and user-friendly. If you'd like to dig in further, we’ve published both a security advisory and a blog with additional details.

DenalB
August 22, 2025

@ericmacknight 
You will not find it in the 1Pasword iOS App. You have to open Safari Browser, open a website and open 1Password from the icon in front of the URL in the address bar. Then you have to switch to the settings of that 1Password extension. Under "Security" you'll find that new setting. The setting is enabled for credit cards by default.

August 22, 2025

Ah, sorry, I wasn't clear. I was referring to 1Password on my Mac, not on my phone. I tried something as close to what you describe, on my laptop, but did not find anything. 

Still confused, despite your kind attempt to unconfuse me ;^)

August 23, 2025

Has 1Password addressed this?  I'm a bit ticked that I had to find out about it from my newsfeed, and not a notification from 1Password:

https://www.tomsguide.com/computing/online-security/major-flaw-in-top-password-managers-lets-hackers-steal-your-login-details-2fa-codes-credit-card-info-and-more

August 24, 2025

[Update 8/21 3:40 AM EST] - 1Password sent BleepingComputer the following comment:

"Clickjacking is not unique to the 1Password browser extension. It is a long-standing web attack technique that affects websites and browser extensions broadly. Because the underlying issue lies in the way browsers render webpages, we believe there’s no comprehensive technical fix that browser extensions can deliver on their own.

We take this and all security concerns seriously, and our approach to this particular risk is to focus on giving customers more control. 1Password already requires confirmation before autofilling payment information, and in our next release, we’re extending that protection so users can choose to enable confirmation alerts for other types of data. This helps users stay informed when autofill is happening and in control of their data." - Jacob DePriest, CISO at 1Password

August 25, 2025

Hi,

the latest release of the 1Password Browser Extension is 8.11.7, yet, the Firefox Extension is still stuck at 8.11.4 - could you please have a look what's going on?

This especially means, Firefox users are currently missing out on the security feature in 8.11.7.2: https://support.1password.com/kb/202508/

1Password Releases:

Mozilla Add-ons page:

Thanks!

1P_Blake
Community Manager
September 3, 2025

Thanks for flagging this, and apologies for the delayed response. 😅

Firefox releases can sometimes appear later than other browsers due to Mozilla’s review process. The latest version has been approved since your comment and is live on the Firefox Add-ons site, so you should now be able to update to 8.11.8.40 which includes the fixes mentioned here.

rlatter
August 27, 2025

In my opinion, it is not acceptable for 1Password not to fix a known vulnerability because it can only steal the login credentials for sites one at a time.  You are right that 1P asks me to verify entry of passwords if the website name differs from what was originally input.  I usually just allow it without thinking.  Won't do that anymore.  I also will remove all browser extensions and look for another password manager.

1P_Blake
Community Manager
September 3, 2025

It's not that this is something we've chosen not to fix —  but rather that clickjacking is something no extension can completely fix on its own. There are partial mitigation approaches out there, but in our research and testing, they can break expected behavior without fully eliminating the risk.

The 1Password extension already has safeguards in place to protect against real-world risks like this. Logins only fill on the domains they’re saved for, and the extension blocks scripts from tampering with its interface. Credit cards have always required a confirmation prompt before filling, and in our latest release we’ve extended that same protection to other item types as well.

I hear your point about sometimes approving prompts out of habit — that’s exactly why we’ve focused on visibility and control, so autofill only happens when you mean it to. Paired with shorter auto-lock times, it’s another layer that makes clickjacking much harder to exploit.