Forum Discussion
The Chrome extension fills PW when it should not.
For a user in a specific vault, even if they are granted only the "view items" permission (with no other permissions and no "client settings" access), it is still possible to auto-fill a login password if such an item exists. This seems illogical because, despite restricting access to the password in the Desktop app, Web app, Mobile app, and even the Chrome extension, the autofill feature still allows the password to be used. It defeats the purpose of granting minimal permissions, as the autofill feature introduces a potential security leak. Am I misunderstanding something here?
1Password Version: Not Provided
Extension Version: 2.27.1
OS Version: Sonoma 14.5
Browser: Chrome
2 Replies
For a user in a specific vault, even if they are granted only the "view items" permission (with no other permissions and no "client settings" access), it is still possible to auto-fill a login password if such an item exists. This seems illogical because, despite restricting access to the password in the Desktop app, Web app, Mobile app, and even the Chrome extension, the autofill feature still allows the password to be used. It defeats the purpose of granting minimal permissions, as the autofill feature introduces a potential security leak. Am I misunderstanding something here?
1Password Version: Not Provided
Extension Version: 2.27.1
OS Version: Not Provided
Browser: Chrome
