Protect what matters – even after you're gone. Make a plan for your digital legacy today.
Support for Imput's Helium Browser
Hiya! I'm an avid 1Password user and I utilize every possible corner of it. BUT there's a certain issue that I'm facing when I'm using it with unsupported browsers. Mainly, Helium Browser (https://github.com/imputnet/helium) which includes unbiased privacy at no compromise to webpage functionality isn't supported. This is an issue because there's no other browser I'd use. The problems that arise are apparent on all platforms, like: Manual addition in the 1Password app on macOS (which, lately, seems to spaz out when using it with the extension) Inability to use with the system app on Windows which inconveniences users by making them log into their vault twice (which, if I guarantee, many have a complex password for and can't bore themselves typing it out multiple times per session) Broken behaviour on Linux, where even with the custom browser config it still can't unlock the vault if it's unlocked on the system. No, I wasn't running the Flatpak version. IMHO 1Password is better than the competition in terms of UX, but seeing my daily driver struggle with that with no way to fix without resorting to this is awful.
1password constantly prompting for passkey on some sites
When visiting some sites that supports passkey (UpWork.com is one), I often get bugged about passkeys on every single page visit I make. The passkey notice is quite annoying and has to be dismissed constantly. I'm using Safari 26.1 on MacOS, with the 1password extension. Is it supposed to be like this? I know I can disable the prompts for passkey altogether, but I do use it on some sites and it's helpful at times. It's just that some websites cause it to prompt constantly which is very annoying.
1Password Chrome extension is incorrectly manipulating <code> blocks
The latest 1Password Chrome extension is incorrectly manipulating the DOM within <code> blocks on static pages. It looks it's using prism.js to try to add syntax highlighting to <code> blocks on the entire page. If you're using a static site generator to highlight code with a different library, it causes the display to break. Example: mkdocs, a popular documentation tool If you view the documentation for customizing Mkdocs material (https://squidfunk.github.io/mkdocs-material/customization/) with the extension enabled, you'll see that the YAML example at the top is not highlighted (it should be). Under the hood, if you inspect its DOM, you can see that it's been rewritten with prismjs classes. If you disable the extension, it is highlighted: This is likely to impact a number of documentation sites in the tech community.Autofill not working with Chrome extension on Mac
I've seen what look like similar reports but I'm not sure they are exactly the same. I'm using Chrome on Mac (Ventura and Tahoe). When I hit the autofill shortcut key, if 1password is locked I get the popup asking for my password, but once unlocked, it no longer fills in my username and password. If I click in the user name field my login pops up as a choice underneath the field, but nothing happens automatically like it used to. There is a partial workaround, which is to press Shift-Command-X, which opens a popup window and has the correct item as the first choice, so if I hit Enter at that point it does fill in my user name and password. It's just an annoying extra step which shouldn't be necessary. Is this a known issue? Does anyone know if it's being addressed? (This is my first time on here - does 1password support read these posts?)
crypto.randomUUID is not a function S @ inject-content-scripts.js:5
FYI: I bumped into an error associated with 1Password Beta extension 8.10.56.22 when I was inspecting a site for an unrelated reason. This is not impacting me, just thought you might like to know. Site is http://atecconnectors.com/atec/index.cfm Chrome Dev console says "inject-content-scripts.js:5 Failed to fetch chrome-extension://khgocmkkpikpnmmkgmdnfckapcdkgfaf/inline/injected.js, Import failed 3 times. Final error: crypto.randomUUID is not a function S @ inject-content-scripts.js:5" The DevTools AI Assistant added this, which I didn't read but looks interesting: "Explanation Okay, let's break down why you're getting the "Failed to fetch ... Import failed 3 times. Final error: crypto.randomUUID is not a function" error and how to fix it. Understanding the Error The error message tells us a few critical things: Failed to Fetch: The browser is trying to load a JavaScript file from a Chrome extension ( chrome-extension://khgocmkkpikpnmmkgmdnfckapcdkgfaf/inline/injected.js). Import Failed 3 Times: The browser attempted to load the file three times and failed each time. This suggests the issue is not a temporary network hiccup but something fundamental. crypto.randomUUID is not a function: This is the root cause of the failure. The crypto.randomUUID() method is a relatively new web standard (part of the Web Crypto API) that is used to generate cryptographically secure UUIDs. The browser (or, more likely, the context where this code is running) doesn't support it. Where the Problem Likely Lies The problem is most likely in the injected.js file, as the error is complaining about something inside this extension file. Although the error is shown while your web app is working, the problem is not with your app code itself, but rather, the extension injecting this injected.js file. Older Extension Code: The extension is injecting a file that uses crypto.randomUUID(). If the extension was built targeting an older version of Chrome or a different browser that didn't support crypto.randomUUID(), this method may have been added later or not added by the extension authors. Old browser version: An old browser version may not support crypto.randomUUID. Why Your Web App Code is Involved (Indirectly) Your web app's code triggers the extension's injection mechanism. Your code doesn't directly use crypto.randomUUID(). Dissecting the Given Code (and How it Relates) Let's look at the code snippet you provided and see how it contributes to triggering the error, even if it's not causing it: Code (l),i.filter(p).forEach(s=>{let u=b();e.addEventListener("DOMContentLoaded",()=>{l(s).then(u.resolve)},{once:!0}),a=[...a,u.promise]})):(`${n}`,a=[...c,...i].filter(p).map(l)),Promise.all(a)},y=()=>{let e=chrome.runtime.getURL(""),t=new URL(e),r=t.protocol,o=t.host;return`${r}//${o}`},m=(e,t)=>{chrome.runtime.sendMessage({name:"report-error",data:{name:"InjectContentScript",message:e,severity:"error",stack:t}})},S=(e,t)=>{if(!h(e)){console.error(t),m(t);return}let r=`${t}, ${e.message}`;console.error(r),m(r,e.stack)},l=async e=>{if(`${n}${e.label}`,e.world==="ISOLATED")try{await C(e.path)}catch(t){return S(t,`Failed to fetch ${e.path}`),Promise.resolve(void 0)}else{let t="Only isolated script injection has been supported";throw m(t),new Error(t)}},C=async e=>{let t=[];try{await T(e);return}catch(i){t.push(i)}await d(25);try{await import(e);return}catch(i){t.push(i)}await d(50);try{await import(e);return}catch(i){t.push(i)}if(t.length===0)throw new Error("Logic error: unreachable code w Use code snippets with caution Content Script Injection: The code heavily suggests that it's part of a system for dynamically injecting content scripts (scripts that run in the context of a web page) into web pages. This is common for browser extensions. l Function: This is likely the main function for managing the injection of a script. It checks if the target world is "ISOLATED" (a way of running a script in a sandboxed environment). C Function: This is the function that actually attempts to load the script. It tries import() three times, with delays (d(25), d(50)) in between each attempt. The file it tries to import is given in e.path. The error message we are getting is probably coming from this code. chrome.runtime.getURL(): This function is crucial for extensions. It is getting the URL to fetch files from the extension itself. This makes the browser look inside the extension for the injected.js file. Error reporting: The code contains functions m and S which are sending errors to the extension, probably for debug or error tracking purposes. import(e): The repeated import(e) is the exact point where the error happens. When the injected.js is being imported, it uses the crypto.randomUUID, and since it is unsupported, it fails. Solution and Workarounds Since the problem is in an external extension file, you cannot directly modify the injected.js code. Your solutions are more about working around the issue or ensuring the extension is updated: Update the Extension: If the extension is from the Chrome Web Store, check if there's an update available. The extension's developer may have fixed this bug. Contact the extension support and report the issue. Find an Alternative Extension: If updating doesn't work or there's no update, see if there's a different extension that offers similar functionality and doesn't have this problem. Polyfill: If the extension is not maintained, a way to avoid the issue could be to implement a polyfill. This polyfill could be injected before the extension's injected.js and would create the crypto.randomUUID if it doesn't exists. Disable the Extension: If you don't need the extension at all, disable it in your browser's extension settings. Use a different browser: An old browser version could be the cause of the issue. Try using a newer browser version. Important Considerations Security: Be cautious about disabling security-related extensions. Make sure you understand the risks involved. Extension Development: If you are the developer of the extension, replace crypto.randomUUID() by a compatible UUID method or add a polyfill. In Summary The error "crypto.randomUUID is not a function" in your scenario means that the injected.js file within the extension is trying to use a feature that's not available in the execution environment. You can fix this by updating or replacing the extension, or by using a polyfill. You must investigate which extension is injecting this file. Data used to understand this message Use search instead AI tools may generate inaccurate info that doesn't represent Google's views. Data sent to Google may be seen by human reviewers to improve this feature. Open settings or learn more
Feature Request: Autofill Activity Log to Track
I have two important security feature requests that would significantly help protect users from unauthorized charges and fraudulent activities: Request 1: Autofill Activity Log In our non-secure internet environment with millions of phishing sites, credit cards are at constant risk. I would like to request a simple but necessary feature to log all autofill activities. This log should track: - Which account/website received autofilled data - What type of data was filled (credit card, personal info, etc.) - When the autofill occurred When users wake up with unauthorized credit card charges, they could check this log to identify exactly where their card information was entered. This would be invaluable for investigating fraudulent transactions and understanding how their data was compromised. Request 2: Enhanced Security Safeguards (1Pass) I also request that 1Password implement stronger security guards that can: - Detect and warn users if a site appears to be phishing - Verify that card forms are contained within authorized iframes and not in suspicious containers - Alert users when data collection might be happening on unverified forms - Prevent autofill on suspicious or unverified payment forms These two features would provide users with both accountability (knowing where their data went) and protection (preventing accidental submission of data to malicious sites). This would be a significant step forward in browser security and payment protection.
Bug: 1Password Browser Extension and Standalone App connection problem
Hi, I recently noticed that 1Password's Browser Extension (Edge / Brave) have connection problem with the standalone app. Scenario 1: When I unlock the standalone app it does not unlock its browser extension app. And I have to enter the password again to unlock the browser extension's app. Scenario 2: When browser extension is unlocked it does not unlock the standalone app (which I believe was always the case, but I am not sure), but when I manually lock the standalone it does not lock the browser extension's app. Also, I noticed there is a "connection problem" from the browser extension app. I have reinstalled both browser extension as well as standalone but the issue is same, also for both EDGE and Brave browser. My current standalone version 1Password for Windows 8.11.18 (81118036)
