Skip to main content
December 18, 2025
Solved

1Password Chrome extension is incorrectly manipulating blocks

  • December 18, 2025
  • 22 replies
  • 11720 views

The latest 1Password Chrome extension is incorrectly manipulating the DOM within <code> blocks on static pages. It looks it's using prism.js to try to add syntax highlighting to <code> blocks on the entire page. If you're using a static site generator to highlight code with a different library, it causes the display to break.

Example: mkdocs, a popular documentation tool

If you view the documentation for customizing Mkdocs material (https://squidfunk.github.io/mkdocs-material/customization/) with the extension enabled, you'll see that the YAML example at the top is not highlighted (it should be). 

Under the hood, if you inspect its DOM, you can see that it's been rewritten with prismjs classes.

If you disable the extension, it is highlighted:

This is likely to impact a number of documentation sites in the tech community.

Best answer by 1P_Blake

Hey everyone! I want to thank everyone who called our attention to this and explain what happened and what we’re doing about it.

What happened: Prism.js is a syntax-highlighting library we use for our Labs Snippets feature. While optimizing our build to reduce bundle size, we unintentionally bundled Prism.js into the extension in a way that caused it to run on pages where it shouldn’t, which interfered with code formatting on certain sites. We apologize for the inconvenience this caused.

What we’re doing about it:  We’ve completed the fix and submitted it to the Chrome Web Store, along with Firefox, Edge, and our other supported extension storefronts. Rollout timing depends on each store’s review process, but we expect it to land over the next few days.

We want to emphasize that vault security was not impacted. At 1Password, protecting our customers’ privacy, passwords, and credentials is our highest priority.

Check out our postmortem covering what went wrong, the timeline, and the concrete changes we’re making to how we build and release future browser extension updates: Incident Postmortem - 1Password Browser Extension Code Syntax Rendering Issue

22 replies

January 8, 2026

I'm really not sure why Re: Has something changed: http:// not filling in any more? has been merged into this discussion, as this seems like a completely different issue.   This update has not solved anything  -  I am still unable to use 1Password on local http:// sites.  Using version 8.11.27.2, (Chrome, Mac) I am still unable to use 1Password to fill/auto fill, same error in console: 

Failed to fetch chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/inline/injected.js, Import failed 3 times. Final error: window.crypto.randomUUID is not a function"

@1P_Blake can you please let us know when this issue will be solved?

Thanks!

takuyahara
February 15, 2026

Hello 1p team incl. @1P_Blake,

I'm waiting for a postmortem which has stated to be published 46 days ago. When will it be published?

1Password Chrome extension is incorrectly manipulating &lt;code&gt; blocks | 1Password Community

1P_Blake
Community Manager
February 20, 2026

I've updated my pinned comment with a link to the postmortem! 🙂

https://1password.statuspage.io/incidents/vkm6tvh2b568