
A newly disclosed class of vulnerabilities in the browser extensions of major password managers exposes tens of millions of users to credential and financial data theft through clickjacking. Security researcher Marek Tóth identified these “DOM-based extension clickjacking” flaws and presented them at DEF CON 33, demonstrating how a single click on a malicious webpage can trigger the automatic exfiltration of sensitive information stored in a password vault [1]. The technique uses the page’s own DOM to render the password manager’s injected autofill interface invisible and positions it over deceptive elements, so that a click the user intends for those elements lands on the extension’s UI and starts a fill the user never meant to initiate.
The attack affects the browser extensions of 1Password, Bitwarden, LastPass, LogMeOnce, Enpass, and Apple’s iCloud Passwords, representing a significant share of the password management market [1][2]. According to analysis by cybersecurity firm Socket, approximately 40 million users remained exposed to unpatched flaws as of August 20, 2025 [2]. The vulnerabilities allow attackers to harvest login credentials, two-factor authentication codes, credit card details including CVV numbers, and personal identity information through what appear to the user to be routine interactions with web content.
Technical Mechanism of DOM-Based Extension Clickjacking
The exploit relies on JavaScript and CSS on the attacker’s page to make the password manager’s injected autofill interface transparent while it still receives clicks. Tóth’s research demonstrates how a malicious script can detect which password manager the victim uses and adapt the attack to it [1]. The attacker sets the CSS opacity of the autofill UI to zero, making it invisible to the user, and then displays deceptive clickable elements such as a fake cookie-consent banner or download button in the same position. Because an ancestor’s opacity applies to its whole subtree, the same effect can be achieved by hiding a parent element rather than the injected element itself.
When the user clicks on the deceptive element, the click is actually delivered to the invisible password manager interface and triggers autofill. The credentials or other sensitive data are written into input fields on the attacker’s page that have been hidden with CSS (rather than with type="hidden", which autofill logic generally ignores), and a script submits them to a remote server. Conventional clickjacking defences such as X-Frame-Options and the frame-ancestors CSP directive do not apply, because nothing is framed: the extension injects its UI directly into the attacker’s page, where the page’s own CSS and JavaScript control how that UI is rendered, and the attack exploits the trust the browser extends to the extension.
The technique becomes particularly dangerous when combined with cross-site scripting (XSS) vulnerabilities on legitimate websites. In such scenarios an attacker can use an existing XSS flaw to inject the malicious script into a site the victim trusts, potentially stealing time-based one-time passwords (TOTP) and hijacking passkey authentication flows [1]. This expands the attack surface beyond purely malicious websites to compromised legitimate ones.
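The defensive counterpart to the mechanism above, as an added example that is not from Tóth’s research or from any vendor’s extension: a guard an extension could run in its content script before honouring a click on the autofill UI it injected. It refuses the click when the UI or any ancestor up to the document root has been made invisible (opacity, visibility, display or a CSS opacity filter), when hit-testing at the click position resolves to something other than the extension’s own UI, or when the event is not user-generated. The node objects, the scenario builder and the `env` object are a constructed stand-in so the logic runs in Node; in a browser, `env` would be `{ getComputedStyle: window.getComputedStyle.bind(window), elementFromPoint: document.elementFromPoint.bind(document) }`.

```javascript
"use strict";

// Returns null when `el` and every ancestor up to the document root are rendered
// visibly, otherwise a short string naming the first property that hides it.
// opacity is not inherited, but an ancestor's opacity applies to its whole
// subtree, which is why each ancestor is checked rather than only `el`.
function invisibilityReason(el, getComputedStyle) {
  for (let node = el; node; node = node.parentElement) {
    const s = getComputedStyle(node);
    if (s.display === "none") return "display:none";
    if (s.visibility === "hidden" || s.visibility === "collapse") return "visibility:" + s.visibility;
    if (parseFloat(s.opacity) < 1) return "opacity:" + s.opacity;
    if (typeof s.filter === "string" && /opacity\(\s*0/.test(s.filter)) return "filter:" + s.filter;
  }
  return null;
}

// True when hit-testing at the click position resolves to `uiRoot` or one of
// its descendants, i.e. no element with normal pointer handling sits on top.
function hitTargetIsOwn(uiRoot, x, y, elementFromPoint) {
  for (let node = elementFromPoint(x, y); node; node = node.parentElement) {
    if (node === uiRoot) return true;
  }
  return false;
}

// Decides whether a click on the injected autofill UI may trigger a fill.
// `env` supplies getComputedStyle and elementFromPoint so the same logic runs
// against a real document or the constructed stand-in below.
function shouldHonourAutofillClick(ev, uiRoot, env) {
  if (!ev.isTrusted) return { ok: false, reason: "synthetic event" };
  const hidden = invisibilityReason(uiRoot, env.getComputedStyle);
  if (hidden !== null) return { ok: false, reason: hidden };
  if (!hitTargetIsOwn(uiRoot, ev.clientX, ev.clientY, env.elementFromPoint)) {
    return { ok: false, reason: "hit target is not the autofill UI" };
  }
  return { ok: true, reason: null };
}

// ---- Constructed stand-in for a document (assumption, not a real DOM) ------
const VISIBLE = { display: "block", visibility: "visible", opacity: "1", filter: "none" };

function makeNode(tag, parent, style) {
  return { tag, parentElement: parent, style: { ...VISIBLE, ...style } };
}

// html > body > container > extension dropdown > credential row, plus a fake
// cookie banner as a sibling. rootStyle/uiStyle hide the UI the way the attack
// does; bannerOnTop simulates an element that wins hit-testing over the UI.
function buildScenario(opts = {}) {
  const html = makeNode("html", null, opts.rootStyle);
  const body = makeNode("body", html);
  const container = makeNode("div", body);
  const uiRoot = makeNode("div", container, opts.uiStyle);
  const row = makeNode("div", uiRoot);
  const banner = makeNode("div", body);
  const env = {
    getComputedStyle: (n) => n.style,
    elementFromPoint: () => (opts.bannerOnTop ? banner : row),
  };
  return { uiRoot, env };
}

function evaluateScenario(opts) {
  const { uiRoot, env } = buildScenario(opts);
  const click = { isTrusted: true, clientX: 120, clientY: 80 };
  return shouldHonourAutofillClick(click, uiRoot, env);
}

console.log("benign page:         ", evaluateScenario({}));
console.log("opacity:0 on <html>: ", evaluateScenario({ rootStyle: { opacity: "0" } }));
console.log("hidden dropdown:     ", evaluateScenario({ uiStyle: { visibility: "hidden" } }));
console.log("banner wins hit-test:", evaluateScenario({ bannerOnTop: true }));
```

The check has to run at click time, not at injection time, because the page can restyle the DOM at any moment; it cannot, however, replace the getComputedStyle the content script calls, since content scripts execute in an isolated world. Recent browsers also expose Element.checkVisibility({ checkOpacity: true, checkVisibilityCSS: true }), which performs the same ancestor walk natively. The guard is a heuristic: an overlay styled pointer-events: none is ignored by hit-testing, and clip-path, transforms or zero-size boxes are not covered, which is why the stronger fix is to require confirmation in extension-owned UI such as the toolbar popup rather than in anything injected into the page.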
Vendor Response and Patch Status Divergence
The security community has witnessed a significant divergence in how password manager vendors have responded to these vulnerabilities. As of August 20, 2025, six major providers remained vulnerable according to Tóth’s disclosure: 1Password (version 8.11.4.27), Bitwarden (2025.7.0), LastPass (4.146.3), LogMeOnce (7.12.4), Enpass (6.11.6), and iCloud Passwords (3.1.25) [1]. Other vendors had already addressed the issue in their products, including Dashlane (v6.2531.1), Keeper (v17.2.0), NordPass, Proton Pass, and RoboForm [1].
Vendor responses to the disclosures have varied considerably. According to Socket’s analysis, 1Password and LastPass classified the reports as “informative” or “out-of-scope,” arguing that clickjacking is a general web risk rather than a vulnerability specific to their products [2]. That stance implied that no fix for this attack vector was planned at the time of disclosure. Bitwarden initially downplayed the severity but later confirmed that a fix was rolling out in version 2025.8.0 [4]. LogMeOnce did not respond to any contact attempts during the disclosure process [2].
The disparity in responses highlights a fundamental disagreement about who is responsible for mitigating this class of attack. Some vendors treat clickjacking protection as primarily the website developer’s responsibility, while others have added checks in their extensions to prevent credentials from being filled without a deliberate, visible user action.
Historical Context and Industry Framework
This is not the first clickjacking issue to affect a password manager. Research published in 2017 documented a similar problem in Keeper’s browser extension [5], showing that this is a recurring threat class rather than a novel vulnerability type. The persistence of the issue across products and years points to a systemic difficulty in securing extension-injected UI against UI redressing attacks.
The OWASP Web Security Testing Guide includes “Testing for Vulnerable Remember Password” under identifier WSTG-ATHN-05 [5]. That test explicitly recommends checking automatic credential injection for exposure to clickjacking and CSRF, which places the current disclosures within an established testing paradigm. That the vulnerabilities persist despite being described in an industry-standard guide raises questions about implementation priorities among password manager developers.
A 2024 academic paper, “Unmasking the hidden credential leaks,” provides further context on the severity of such exploits and on the systemic risks of credential management failures [5]. The research community has consistently identified browser extensions as a particularly exposed component because of their privileged access to browser functionality and user data.
Immediate Mitigation Strategies for Organizations
For organizations managing enterprise password manager deployments, several immediate mitigations reduce risk while vendor patches are pending. The most effective temporary measure is to disable automatic filling in the browser extension and instead copy credentials from the password manager’s standalone application or its extension popup [1]. This removes the page-injected fill mechanism the attack exploits while keeping stored credentials accessible.
On Chromium-based browsers such as Google Chrome, Microsoft Edge, and Brave, the extension’s site access can be set to “On click” instead of “On specific sites” or “On all sites” [1]. With this setting the extension does not run on a page, and therefore injects no UI into it, until the user explicitly activates it from the toolbar, which neutralizes the clickjacking vector. Enterprise management tools such as Group Policy or mobile device management (MDM) can apply extension restrictions of this kind across organizational devices.
Security teams should also monitor for network traffic consistent with credential exfiltration. Detection rules that flag unexpected cross-origin form submissions from browsers to unfamiliar domains, particularly POST bodies carrying encoded data consistent with credentials, can provide early warning of exploitation. Web application firewalls and network monitoring tools should be configured to alert on these patterns.
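A detection rule of the kind described above, as an added example rather than a rule from any vendor or from the original report: it runs over constructed proxy log lines and flags POST requests from the browser to hosts outside a baseline of domains the organization is known to submit data to, when the submission is cross-origin (the Referer origin differs from the destination) or carries no Referer at all. The log format, the baseline set, the host names and the minBody threshold are all assumptions.

```javascript
"use strict";

// Constructed baseline of hosts the organization already submits form data to
// (assumption: in practice this is derived from weeks of proxy history).
const BASELINE_HOSTS = new Set(["sso.example.com", "mail.example.com", "cdn.example.net"]);

// Assumed proxy log shape, one request per line, whitespace separated:
//   <timestamp> <method> <url> <status> <bytes_out> <referer or ->
function parseLine(line) {
  const [ts, method, url, status, bytesOut, referer] = line.trim().split(/\s+/);
  return {
    ts,
    method,
    url,
    status: Number(status),
    bytesOut: Number(bytesOut),
    referer: referer === "-" ? null : referer,
  };
}

function originOf(url) {
  try { return new URL(url).origin; } catch { return null; }
}

function hostOf(url) {
  try { return new URL(url).hostname; } catch { return null; }
}

// Flags POSTs to hosts outside the baseline when the submission is cross-origin
// or has no Referer, which a script can force with referrerPolicy "no-referrer".
// Same-origin POSTs to new hosts (a user signing in to a new site) are ignored.
// minBody skips empty beacons; it is a tunable assumption, not a known constant.
function detectCrossOriginPosts(lines, { baseline = BASELINE_HOSTS, minBody = 16 } = {}) {
  const alerts = [];
  for (const line of lines) {
    const e = parseLine(line);
    if (e.method !== "POST") continue;
    const host = hostOf(e.url);
    if (host === null || baseline.has(host)) continue;
    if (e.bytesOut < minBody) continue;
    const refOrigin = e.referer === null ? null : originOf(e.referer);
    if (refOrigin !== null && refOrigin === originOf(e.url)) continue;
    alerts.push({
      ts: e.ts,
      host,
      referer: e.referer,
      bytesOut: e.bytesOut,
      reason: refOrigin === null
        ? "referrer-less POST to unbaselined host"
        : "cross-origin POST to unbaselined host",
    });
  }
  return alerts;
}

// Constructed sample log (not real traffic). Only lines 4 and 7 should alert.
const SAMPLE_LOG = [
  "2025-08-20T10:00:01Z GET https://sso.example.com/login 200 0 -",
  "2025-08-20T10:00:02Z POST https://sso.example.com/login 302 143 https://sso.example.com/login",
  "2025-08-20T10:01:10Z GET https://news.example.org/article 200 0 -",
  "2025-08-20T10:01:12Z POST https://collect.attacker.example/c 200 212 https://news.example.org/article",
  "2025-08-20T10:01:13Z POST https://cdn.example.net/beacon 204 90 https://news.example.org/article",
  "2025-08-20T10:02:00Z POST https://app.newvendor.example/login 302 160 https://app.newvendor.example/login",
  "2025-08-20T10:02:30Z POST https://t.example-cdn.net/p 200 198 -",
  "2025-08-20T10:03:00Z POST https://ping.newvendor.example/x 200 4 https://news.example.org/article",
];

for (const a of detectCrossOriginPosts(SAMPLE_LOG)) {
  console.log(`${a.ts} ${a.host} (${a.bytesOut} bytes, referer=${a.referer}): ${a.reason}`);
}
```

The rule trades precision for coverage: legitimate third-party form posts (payment processors, analytics) will appear until they are baselined, and an attacker can exfiltrate through GET query strings, WebSockets or image beacons instead, so it belongs alongside the autofill mitigations above rather than in place of them.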
Broader Implications for Browser Extension Security
The disclosure of these vulnerabilities has implications beyond password managers, potentially affecting other categories of browser extensions that modify webpage content or provide automated filling capabilities. Extensions for cryptocurrency wallets, form filling services, and personal information managers may be vulnerable to similar DOM-based clickjacking techniques if they automatically inject content into webpages without adequate user confirmation mechanisms.
The research demonstrates that a single attack script can detect which extensions a victim uses and adapt the exploitation method in real time [1]. This capability suggests that attackers could target multiple extension types with a unified attack framework, expanding the potential impact beyond password management tools. Extension developers across categories should review how their injected UI interacts with page content for similar weaknesses.
Browser vendors face increased pressure to provide more robust security APIs for extension developers to prevent these types of attacks. Potential solutions might include mandatory user confirmation dialogs for automated filling actions, improved isolation between extension content and webpage content, or enhanced permissions models that require explicit user approval for specific types of DOM manipulation.
The password manager clickjacking vulnerabilities represent a significant threat to organizational security, particularly given the widespread adoption of these tools and the sensitive nature of the data they protect. While some vendors have addressed the issues, the continued vulnerability of major players highlights the challenges in securing browser extension ecosystems. Organizations should implement immediate mitigations while monitoring for vendor updates and considering the long-term implications for their credential management strategies.