Protect what matters – even after you're gone. Make a plan for your digital legacy today.
Forum Discussion
Re: Browser Extension Risk Clickjacking
Has 1Password addressed this? I'm a bit ticked that I had to find out about it from my newsfeed, and not a notification from 1Password:
https://www.tomsguide.com/computing/online-security/major-flaw-in-top-password-managers-lets-hackers-steal-your-login-details-2fa-codes-credit-card-info-and-more
5 Replies
Thanks for the updates. I wonder why the other password managers implemented a fix, and not 1Password?
Until fixes become available, Tóth recommends that users disable the autofill function in their password managers and only use copy/paste.
BleepingComputer has contacted all vendors who haven’t pushed fixes onto their products yet, and we will update this post with their responses once they reach us.
[Update 8/20 3:20 PM EST] - LastPass and LogMeOnce reached out to BleepingComputer following the publication of this article to explain that they too are working on resolving the issues raised in Tóth's report.
[Update 8/20 3:40 PM EST] - Edited the vendor notification timeline for better accuracy, based on new information received from Socket.
[Update 8/20 4:15 PM EST] - LastPass sent BleepingComputer the following statement:
The vendors that implemented fixes are Dashlane (v6.2531.1 released on August 1), NordPass, ProtonPass, RoboForm, and Keeper (v17.2.0 released in July). However, users should make sure that they're running the latest available versions of the products.
