Six major password managers with tens of millions of users are currently vulnerable to unpatched clickjacking flaws that could allow attackers to steal account credentials, 2FA codes, and credit card details. […]

  • voracitude@lemmy.world
    19 hours ago

    Nah, you’ll be alright, using the desktop app is fine; the attack works by first having you go to a compromised page, and then the page has some code to trick the password manager into autofilling your details without your consent or knowledge.

    1Password’s extension pops up a notice when filling some sensitive data and that notice cannot be hidden by the page you’re on, like credit card data and maybe personal ID information, but regular passwords and 2FA don’t have that confirmation. Can’t speak for other managers on that, but generally if you just don’t use the extension and instead manually copy and paste from the password manager, you’re immune to this attack.