Red Hot Cyber, The cybersecurity news

LastPass, 1Password, and Keeper under fire! Widespread zero-day bugs detected, putting millions of users at risk.

Redazione RHC : 21 August 2025 07:42

A security researcher has identified zero-day vulnerabilities affecting eleven popular password manager browser extensions, potentially exposing tens of millions of users to credential theft after a single click on a malicious page.

The attack technique, which its author calls "DOM-based Extension Clickjacking," is a substantial step beyond traditional web clickjacking.

Research by security expert Marek Tóth reveals that attackers can exploit these vulnerabilities to steal credit card data, personal information, login credentials, and even two-factor authentication codes from unsuspecting users.

DOM-based Extension Attack Chain

Unlike traditional clickjacking, which loads the target web application inside an invisible iframe, this technique targets the user interface elements that password manager extensions inject directly into a web page's DOM (autofill dropdowns and similar prompts), making them invisible while leaving them clickable.

When a user encounters a seemingly legitimate element, such as a cookie consent banner or a CAPTCHA prompt, on a malicious or compromised website, a single click can land on the hidden extension element and trigger autofill of hidden form fields with the user's stored sensitive data.

The attack is carried out by malicious JavaScript on the page that hides the extension's user interface elements, specifically by setting their opacity to zero or by covering them with other DOM elements (overlays). Tóth's in-depth research tested eleven well-known password managers, including industry leaders such as 1Password, Bitwarden, LastPass, Dashlane and Keeper.
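To make the mechanism concrete, the following is an added example written for this article; it is not code from Marek Tóth's research or from any of the password managers named. It models the hiding techniques just described (a transparent extension element left on top, an opaque decoy layered over it, and a hidden ancestor container) against a small constructed stand-in for the DOM, and shows the visibility check an extension could run before honoring a click on its injected UI. The element ids, coordinates, z-order and the `makeElement` helper are assumptions; a real extension would read `getComputedStyle()`, `getBoundingClientRect()` and, in Chromium, IntersectionObserver v2 (`trackVisibility: true`, `entry.isVisible`) instead.

```javascript
"use strict";

// Constructed stand-in for the DOM subset the checks need (assumption: a real
// extension reads the live page; here every element is a plain object so the
// example runs under Node without a browser).
function makeElement(id, { style = {}, parent = null, rect = null, z = 0 } = {}) {
  return {
    id,
    parent,
    rect,  // { x, y, w, h } in viewport pixels; null for wrappers that paint nothing
    z,     // stacking order: higher paints on top
    style: { display: "block", visibility: "visible", opacity: "1",
             pointerEvents: "auto", ...style },
  };
}

function contains(rect, x, y) {
  return !!rect && x >= rect.x && x < rect.x + rect.w && y >= rect.y && y < rect.y + rect.h;
}

function isAncestor(a, b) {           // true when a is an ancestor of b
  for (let n = b.parent; n; n = n.parent) if (n === a) return true;
  return false;
}

// display:none or visibility:hidden anywhere up the chain removes the element.
function isRendered(el) {
  for (let n = el; n; n = n.parent) {
    if (n.style.display === "none" || n.style.visibility === "hidden") return false;
  }
  return true;
}

// CSS composites nested opacity multiplicatively, so an ancestor at opacity 0
// hides a child whose own opacity is still 1.
function effectiveOpacity(el) {
  let o = 1;
  for (let n = el; n; n = n.parent) o *= parseFloat(n.style.opacity);
  return o;
}

function isHiddenByStyle(el) {
  return !isRendered(el) || effectiveOpacity(el) < 0.99;  // near-transparent counts as hidden
}

// Elements painted above `target` that cover the click point. Unlike
// document.elementFromPoint this does NOT skip pointer-events:none, because an
// opaque decoy with pointer-events:none hides the target visually while letting
// the click fall through to it.
function coveringElements(target, all, x, y) {
  return all.filter(el =>
    el !== target && !isAncestor(el, target) && !isAncestor(target, el) &&
    contains(el.rect, x, y) && el.z > target.z &&
    isRendered(el) && effectiveOpacity(el) > 0);
}

// The question an extension should answer before acting on a click on its own
// injected UI: is this element really visible to the user at the clicked point?
function clickIsTrustworthy(target, all, x, y) {
  if (!contains(target.rect, x, y)) return { ok: false, reason: "click outside element" };
  if (isHiddenByStyle(target)) return { ok: false, reason: "element not visibly rendered" };
  const covers = coveringElements(target, all, x, y);
  if (covers.length > 0) return { ok: false, reason: "occluded by " + covers.map(e => e.id).join(",") };
  return { ok: true, reason: "visible and unobstructed" };
}

// --- Constructed scenarios (ids, geometry and z-order are assumptions) ---------
const CLICK = { x: 150, y: 220 };

function buildPage() {
  const body = makeElement("body");
  const wrapper = makeElement("login-form-wrapper", { parent: body });  // page-owned container
  // Autofill dropdown the extension injected next to the login form, painted above content.
  const dropdown = makeElement("pm-autofill-dropdown",
    { parent: wrapper, rect: { x: 100, y: 200, w: 260, h: 40 }, z: 10 });
  return { body, wrapper, dropdown, all: [body, wrapper, dropdown] };
}

// Attacker's decoy "Accept cookies" button placed exactly where the user will click.
function addDecoy(page, z, pointerEvents) {
  const decoy = makeElement("fake-cookie-accept",
    { parent: page.body, rect: { ...page.dropdown.rect }, z, style: { pointerEvents } });
  page.all.push(decoy);
  return decoy;
}

// Baseline: nothing hidden, nothing covering, so autofill may proceed.
function honestClick() {
  const page = buildPage();
  return clickIsTrustworthy(page.dropdown, page.all, CLICK.x, CLICK.y);
}

// Opacity variant: the extension UI is made transparent but stays on top and
// clickable, so the click aimed at the decoy lands on the invisible dropdown.
function opacityVariant() {
  const page = buildPage();
  addDecoy(page, 1, "auto");
  page.dropdown.style.opacity = "0";
  return clickIsTrustworthy(page.dropdown, page.all, CLICK.x, CLICK.y);
}

// Overlay variant: the extension UI keeps opacity 1 but an opaque decoy with
// pointer-events:none is layered over it, so the click passes through to the dropdown.
function overlayVariant() {
  const page = buildPage();
  addDecoy(page, 20, "none");
  return clickIsTrustworthy(page.dropdown, page.all, CLICK.x, CLICK.y);
}

// Ancestor variant: the page hides the container it let the extension inject into.
function ancestorOpacityVariant() {
  const page = buildPage();
  addDecoy(page, 1, "auto");
  page.wrapper.style.opacity = "0";
  return clickIsTrustworthy(page.dropdown, page.all, CLICK.x, CLICK.y);
}

if (typeof require !== "undefined" && require.main === module) {
  for (const [name, fn] of Object.entries({ honestClick, opacityVariant, overlayVariant, ancestorOpacityVariant })) {
    console.log(name.padEnd(24), JSON.stringify(fn()));
  }
}
```

The point of the occlusion check is that `document.elementFromPoint()` alone is not a sufficient defense: it ignores elements with `pointer-events: none`, so it happily returns the extension's own dropdown even when an opaque decoy is painted over it. Checking the full ancestor chain matters for the same reason; the extension's own element may report `opacity: 1` while a parent it does not control is fully transparent.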

The results were alarming: every tested password manager was initially vulnerable to at least one variant of the DOM-based Extension Clickjacking technique. The affected extensions account for approximately 40 million active installations across the Chrome Web Store, Firefox Add-ons and Edge Add-ons.

Six of the nine password managers tested for credit card data were vulnerable to its exfiltration, and eight of the ten tested for stored personal information could be exploited to exfiltrate it.

Perhaps most concerning is that ten out of eleven password managers were susceptible to credential theft, including Time-based One-Time Password (TOTP) codes used for two-factor authentication.
