What's the most common example of an alternative attack with autofill?

kaoD 5 days ago | parent | next [-]

The password manager's autofill browser extension gets compromised.

	▲	eviks 4 days ago \| parent \| next [-]
		Common? Which of the good pw managers' extensions have been compromised in the last year?
	▲	EE84M3i 4 days ago \| parent \| prev [-]
		This used to happen with some frequency but I haven't heard of it happening in some time now.

▲

karel-3d 4 days ago | parent | prev | next [-]

just recently there was a clickjacking attack that affected most popular password manager extensions. It tricked the managers into filling passwords to random pages, worked on almost all extensions and all pages.

▲

eviks 4 days ago | parent [-]

Are you refering to this one https://marektoth.com/blog/dom-based-extension-clickjacking?

This doesn't seem to be "passwords on random pages", only "Personal Data + Credit Card,", passwords are domain-specific unless the website is hacked itself.

> The attacker can only steal credentials for the vulnerable domain.

	▲	karel-3d 4 days ago \| parent [-]
		ok that's nice

▲

5 days ago | parent | prev [-]

[deleted]