1Password Extension Hijack

New Contributor

7 months ago

Yup, watched that YT video on this as well. I can't help to think that this is just sneaky enough to fool even experienced users. While I don't think I've seen this before with 1P, new versions of other extensions do sometimes force a clearing of cached credentials, logout, and prompt you enter them again.

I don't use Chromium-based browsers, but many do. We shouldn't be so quick to dismiss as to "Not 1P's problem" though. The browser plug-in ecosystem is where 1P lives --- that's where it's useful, and without that, I probably wouldn't be a subscriber. If there are adjacent risks, or threats within that same system, it would be foolhardy to not at least investigate and remediate. And maybe 1P has already looked into it -- and would be interested as well to hear what's being done.

Forum Discussion

Featured discussions

September at 1Password: Browser versions, enhanced security, and new integrations

Recent discussions

1Password Beta + SSH Agent + Hyprland

Tahoe - biometrics sensors have been locked out

Package manager support on arm64 Linux distributions

Trouble with passkey and Safari

Incorrect accent colour on Windows