Autofill Clickjacking Puts 40 Million Password Manager Users at Risk

Password managers promise safety. Their browser extensions now have a blind spot that matters. New research shows attackers can hijack your clicks on a web page to trigger autofill and quietly pull logins, two factor codes, and credit card details. You do not need to install malware. Visiting a malicious page or a compromised site is enough.

The demo landed at DEF CON 33. Socket verified it and began filing CVEs. Six popular managers remain exposed in current versions. Some vendors shipped fixes. Others downplayed the report or are still working. The attack uses ordinary web tricks like overlays and opacity. It survives consent banners and fake captchas because your clicks do the work. If you rely on browser autofill, this is your risk window. Treat autofill as a convenience with a cost until your manager ships a fix that blocks clickjacking at the UI layer.

The Autofill Clickjacking Findings

Independent researcher Marek Tóth presented clickjacking flaws in major password manager browser extensions at DEF CON 33. Socket reviewed the work, reproduced the issues, and helped notify vendors. The attack runs on a malicious page or on legitimate sites compromised by cross site scripting or cache poisoning. A script hides the password manager interface using opacity or pointer events. It then places fake elements such as cookie banners or captchas over it. A user click lands on the hidden controls and triggers autofill. That can expose logins, two factor codes, and payment data. As reported by BleepingComputer, Socket coordinated vendor outreach and is filing CVEs for affected products.

Tóth showed several Document Object Model variants, including opacity changes on elements or parents and full or partial overlays. He also demonstrated a mode where the UI follows the mouse so any click fires autofill. A universal script can detect the active manager and adapt in real time.
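The variants above all leave the injected autofill menu transparent, covered, or both at the moment of the click. As an added defensive example (not code from the article, from Tóth, or from any vendor), the sketch below shows how an extension could fail closed: it records Chromium's IntersectionObserver v2 `isVisible` signal (`trackVisibility`/`delay` are real Chromium options) for its menu and only honors a fill when the menu has been continuously visible for a stability window. `decideFill`, `watchMenu`, and the `REQUIRED_STABLE_MS` value are assumptions for this example; `isVisible` is reported false for occlusion, non-unit opacity in the ancestor chain, and non-translation transforms, but not for a menu that is merely moved to follow the cursor.

```javascript
// Added example: visibility gate for an injected autofill menu. Not vendor code.
const VISIBILITY_DELAY_MS = 100;   // minimum delay the spec allows with trackVisibility
const REQUIRED_STABLE_MS = 300;    // assumption: menu must be visible this long before a fill

// Pure decision logic, testable without a DOM.
// observations: chronological [{ time, isVisible }] for the menu element
// clickTime: DOMHighResTimeStamp of the click that would trigger autofill
// Returns 'allow' or a 'deny:<reason>' string. Unknown state denies (fail closed).
function decideFill(observations, clickTime) {
  if (observations.length === 0) return 'deny:unobserved';
  const last = observations[observations.length - 1];
  if (!last.isVisible) return 'deny:occluded';       // covered or faded at click time
  // Find when the current uninterrupted visible run began.
  let runStart = last.time;
  for (let i = observations.length - 1; i >= 0 && observations[i].isVisible; i--) {
    runStart = observations[i].time;
  }
  // A menu that only just became visible may be a freshly lifted overlay.
  if (clickTime - runStart < REQUIRED_STABLE_MS) return 'deny:unstable';
  return 'allow';
}

// Browser side (Chromium). Records isVisible transitions for menuEl into log.
// Returns null where IntersectionObserver is unavailable so callers deny fills.
function watchMenu(menuEl, log) {
  if (typeof IntersectionObserver === 'undefined') return null;
  const observer = new IntersectionObserver((entries) => {
    for (const e of entries) {
      // isVisible is undefined on engines without v2 support: treat as not visible.
      log.push({ time: e.time, isVisible: e.isVisible === true });
    }
  }, { threshold: [1.0], trackVisibility: true, delay: VISIBILITY_DELAY_MS });
  observer.observe(menuEl);
  return observer;
}

// Usage inside the menu's click handler (browser only):
//   if (decideFill(log, event.timeStamp) !== 'allow') { return; /* show a confirmation UI instead */ }

module.exports = { decideFill, watchMenu, REQUIRED_STABLE_MS };
```

The gate is a mitigation for the opacity and overlay variants only; a confirmation prompt in extension-owned UI remains the defense for the cursor-following variant.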

Tested browser based variants of 1Password, Bitwarden, Enpass, iCloud Passwords, LastPass, and LogMeOnce leaked data under some scenarios. Current vulnerable versions include 1Password 8.11.4.27, Bitwarden 2025.7.0, Enpass 6.11.6 with a partial fix in 6.11.4.2, iCloud Passwords 3.1.25, LastPass 4.146.3, and LogMeOnce 7.12.4. Combined, these products serve about 40 million users.

Dashlane, Keeper, NordPass, Proton Pass, and RoboForm released fixes. Bitwarden says it addressed the issue in version 2025.8.0, rolling out this week. LastPass and LogMeOnce say they are working on changes. 1Password called the risk a general web issue and plans optional confirmation prompts beyond payment data. Vendors were first notified in April 2025. Socket is filing CVEs. Tóth advises users to disable autofill and use copy and paste until fixes land.

Autofill Turns Clicks Into Data Leaks

This matters because it removes the usual warning signs. You can lose secrets while browsing a legitimate site that an attacker briefly poisoned, and your own clicks do the work. No malware. No fake domain. If your vault is unlocked in the browser, a disguised banner or popup can trigger autofill and expose logins, two factor codes, and stored card data to a script that reads the page. Domain checks do not help here because the extension fills on the correct site while the attacker controls the page’s interface. That turns routine actions like accepting cookies into credential exfiltration. The attack targets the moment of convenience many people rely on, not your judgment about URLs.

The fallout goes beyond one account. A leaked password plus a captured two factor code can hand over your email, which then resets everything else. Attackers can run this at scale on ad landings, compromised blogs, or forum embeds and harvest credentials without tripping antivirus. If your manager stores payment cards or generates one time codes, the blast radius grows. Mixed vendor responses keep the window open. Some products shipped fixes. Others are rolling out changes. At least one treated the risk as a general web problem. During that gap, anyone who leaves autofill enabled and the vault unlocked for long sessions takes on quiet, ambient risk every time they click through clutter.

It also shifts how you should think about defenses. Many people adopted managers to beat phishing because autofill will not trigger on a lookalike domain. This finding shows the browser UI is now the weak point. Attackers can force a real autofill on the right domain and read the result. Passkeys resist this class of attack because they do not reveal a secret to the page and bind cryptography to the site origin. Most of your logins still use passwords today, so the exposure remains until vendors harden their extensions. Treat autofill as a setting with risk that depends on your habits, your sites, and your manager’s current build.

TenMostSecure Recommendations

You can lower your exposure today without throwing out your setup. Make autofill a deliberate step and shrink the time your vault stays open to clicks.

  • Turn off autofill in the browser extension. Disable form autofill and inline icons, then fill on demand by copying from the desktop or mobile app or by using a keyboard shortcut. If you want a deeper walkthrough on why this helps, Android Police explains why disabling autofill reduces real world risk at scale.
  • Lock the vault fast. Set auto lock to minutes, lock on browser lock and on system sleep, and require your master password or device biometrics every time. Avoid leaving the vault unlocked while browsing casually.
  • Separate second factors and payment data. Prefer passkeys or a hardware security key over one time codes in the browser. If you use Time-based One-Time Password (TOTP), read the code from a separate device and paste it, and either require confirmation before any payment fill or remove stored cards entirely.
  • Update or switch to a build with fixes. Install the latest version if your vendor has shipped protections. Dashlane, Keeper, NordPass, Proton Pass, and RoboForm report fixes, and Bitwarden says 2025.8.0 addresses the issue, so verify your exact build number. If you are considering a change away from LastPass, our comparison of safer alternatives can help.
  • Start moving key accounts to passkeys. Add passkeys on Google, Apple, Microsoft, PayPal, GitHub, and your bank if available, and use your device or a hardware key. That removes secrets the page can read and reduces exposure to UI driven fills.

This attack exploits convenience, not your judgment. Treat autofill as opt in with friction until your manager hardens its extension against clickjacking. Update or switch where fixes exist, keep your vault locked tight, and move high value accounts to passkeys. The mix of those steps reduces the chance that a routine click turns into a credential leak while vendors close the gap.