Browser-based password managers clickjacking fixes (August 2025)

Security Patch Release

First reported

20.08.2025 17:49

Last updated

20.08.2025 17:49

Happening score

H score 22

1 unique sources, 1 articles

Summary

Hide ▲

Multiple vendors rolled out fixes for browser-based password managers affected by clickjacking flaws, reducing the chance that autofill actions leak credentials, 2FA codes, and payment details. Bitwarden said the issue was fixed in 2025.8.0, while Dashlane and other vendors also shipped updates. Users were told to move to the latest available versions so the protections take effect.

Timeline

20.08.2025 17:49 1 articles · 9mo ago

Dashlane releases v6.2531.1

Mitigation Patch Update
Dashlane releases v6.2531.1 to address clickjacking flaws affecting browser-based password managers, reducing the chance that hidden overlays can trigger autofill and expose credentials or payment data.
Show sources

Major password managers can leak logins in clickjacking attacks — www.bleepingcomputer.com — 20.08.2025 17:49
Open in new tab
20.08.2025 17:49 1 articles · 9mo ago

Bitwarden 2025.8.0 and other fixes roll out

Mitigation Patch Update
Bitwarden says the clickjacking issues have been fixed in version 2025.8.0, rolling out this week, while LastPass and LogMeOnce say they are working on resolving the issues. Dashlane had already released v6.2531.1 on August 1, and NordPass, ProtonPass, RoboForm, and Keeper also implemented fixes.
Show sources

Major password managers can leak logins in clickjacking attacks — www.bleepingcomputer.com — 20.08.2025 17:49
Open in new tab

Summary

Timeline

Dashlane releases v6.2531.1

Bitwarden 2025.8.0 and other fixes roll out