Unpatched clickjacking flaws in browser-based password managers

Vulnerability
First reported
Last updated
Happening score
H score 37
1 unique source, 1 article

Summary

Researchers verified unpatched clickjacking flaws in browser-based password managers, putting tens of millions of users at risk of leaked credentials, 2FA codes, and credit card details.

Related Happenings

LastPass customer password vault backups exposed

Data Leak
First: 05.01.2026 11:30 Last: 05.01.2026 11:30 Sources 1

About this happening: The **2022 LastPass data leak** exposed backups of about **30 million customer password vaults**, leaving more than **25 million users** with a **long-tail risk** of offline crack...

1Password and Browserbase launch Secure Agentic Autofill for AI browser-agent authentication

Security Tool/Service
First: 11.10.2025 00:27 Last: 11.10.2025 00:27 Sources 1

About this happening: **1Password** and **Browserbase** launched **Secure Agentic Autofill**, a new security capability that helps **AI browser agents** authenticate without exposing credentials. The l...

DOM-based extension clickjacking flaw in password manager browser add-ons

Vulnerability
First: 20.08.2025 20:54 Last: 20.08.2025 20:54 Sources 1

About this happening: **11 password manager browser add-ons** were shown vulnerable to **DOM-based extension clickjacking**, enabling a **single click** on attacker-controlled content to trigger auto-f...

Latest development: 29.08.2025 12:58

Click Studios released Passwordstate 9.9 (Build 9972) on August 28, 2025. The release fixes a high-severity authentication bypass affecting the Emergency Access page of the core Passwordstate products and adds protections against potential clickjacking attacks in the browser extension, likely in response to the DOM-based extension clickjacking findings affecting password manager browser add-ons.

Timeline

  1. 20.08.2025 17:49 1 article · 9mo ago

    Unpatched clickjacking flaws in browser-based password managers

    Initial Disclosure

    At **DEF CON 33**, researcher **Marek Tóth** disclosed a set of **clickjacking flaws** in **browser-based password managers** that could force autofill and reveal stored secrets.
