Bitwarden Quickly Fixes “Auto-Fill” Security Issue

The open-source password manager, Bitwarden, has quickly fixed a recently exposed security issue related to its auto-fill function.

As we reported earlier this month, security researchers discovered that attackers could steal users’ account passwords by leveraging Bitwarden’s auto-fill function through the insertion of a malicious iframe into a trusted website.

Now, Bitwarden has created a patch to address the issue, which changes how auto-fill works when a page is loaded. In the new version, Bitwarden will only enable auto-fill for domains and URLs that are explicitly trusted by the user. Additionally, Bitwarden will show a warning when users manually fill in an untrusted iframe.

Bitwarden will release a version update next week to introduce the patch.

Similar to previous versions, the new version of Bitwarden will still have auto-fill disabled by default.
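The rule described above, written out as a decision function. This is an added example, not Bitwarden's code: the function names, the "fill"/"warn"/"skip" results and the exact-origin matching rule are assumptions made for illustration, and the URLs are constructed sample data.

```javascript
// Added illustration; names and the matching rule are assumptions, not Bitwarden code.

// Return the origin of a URL string, or null for anything without a usable
// web origin (malformed input, about:blank, data:, plain http).
function webOrigin(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return null;
  }
  if (parsed.protocol !== "https:") return null;
  return parsed.origin;
}

// A frame is trusted only when its own origin equals the origin of one of the
// URIs the user saved with the login. The top-level page is deliberately not
// consulted: an iframe inside a trusted page is judged on where the iframe
// itself was loaded from.
function isTrustedFrame(frameUrl, trustedUris) {
  const origin = webOrigin(frameUrl);
  if (origin === null) return false;
  return trustedUris.some((uri) => webOrigin(uri) === origin);
}

// trigger: "pageload" (automatic) or "manual" (user-invoked fill).
// onPageLoadEnabled defaults to false, matching the default-off setting.
// Returns "fill", "warn" (show a warning before filling) or "skip".
function autofillDecision(frameUrl, trustedUris, trigger, onPageLoadEnabled = false) {
  const trusted = isTrustedFrame(frameUrl, trustedUris);
  if (trigger === "pageload") {
    return onPageLoadEnabled && trusted ? "fill" : "skip";
  }
  return trusted ? "fill" : "warn";
}

// Constructed sample data: one saved login URI and three frames on a page.
const saved = ["https://accounts.example.com/login"];
const frames = [
  "https://accounts.example.com/signin", // same origin as the saved URI
  "https://widgets.example.net/embed",   // third-party iframe
  "about:blank",                         // no web origin at all
];
for (const f of frames) {
  console.log(f, autofillDecision(f, saved, "pageload", true), autofillDecision(f, saved, "manual"));
}
```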

