A new technique called DOM-based extension clickjacking threatens browser-based password managers by allowing attackers to steal sensitive data through deceptive UI overlays. The attack affects major extensions and could potentially compromise millions of users worldwide.
Key points
- The attack manipulates DOM elements to trick users into revealing autofill data.
- Credential and credit card data can be extracted from multiple popular password managers.
- The exploit involves fake overlays, pointer-events manipulation, and mouse tracking.
- Several vendors have released patches for their extensions, but some extensions remain vulnerable.
- Users are advised to disable autofill, limit extension permissions, and consider standalone password managers.
Read More: https://thecyberexpress.com/dom%e2%80%91based-extension-clickjacking/