The open-source password manager Bitwarden has quickly fixed a recently exposed security issue in its auto-fill function.
As we reported earlier this month, security researchers discovered that attackers could steal users’ account passwords by leveraging Bitwarden’s auto-fill function through the insertion of a malicious iframe into a trusted website.
Now, Bitwarden has created a patch to address the issue, which changes how auto-fill works when a page is loaded. In the new version, Bitwarden will only enable auto-fill for domains and URLs that are explicitly trusted by the user. Additionally, Bitwarden will show a warning when users manually fill in an untrusted iframe.
Bitwarden will release a version update next week to introduce the patch.
As in previous versions, the new version of Bitwarden will still have auto-fill disabled by default.
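The patched behaviour described above can be sketched as a per-frame decision: fill automatically only when the frame's URL is on the user's trust list, and warn when the user manually fills an untrusted frame. This is an added illustration, not Bitwarden's code; the function names, the trust-list format (bare domains and exact origins) and the https-only rule are assumptions made for the example.

```javascript
// Added illustration, not Bitwarden's implementation. All names are hypothetical.
// Assumption: the trust list holds exact origins ("https://host") and
// bare domains ("example.com") that also cover their subdomains.

function isTrusted(frameUrl, trustedEntries) {
  let url;
  try {
    url = new URL(frameUrl);
  } catch {
    return false; // unparsable frame URL (e.g. empty src): never trusted
  }
  // Assumption of this sketch: only https frames can match, so
  // about:blank, data: and plain http frames are rejected.
  if (url.protocol !== "https:") return false;
  const host = url.hostname.toLowerCase();
  return trustedEntries.some((entry) => {
    const e = entry.toLowerCase();
    if (e.includes("://")) return url.origin === e; // exact origin entry
    // Domain entry: the host itself or a true subdomain (label boundary),
    // so "example.com" does not match "evilexample.com".
    return host === e || host.endsWith("." + e);
  });
}

// trigger: "page-load" (automatic fill) or "manual" (user-initiated fill).
// Returns "fill", "skip" (no automatic fill) or "warn" (show a warning first).
function autofillDecision(frameUrl, trustedEntries, trigger) {
  if (isTrusted(frameUrl, trustedEntries)) return "fill";
  return trigger === "manual" ? "warn" : "skip";
}

// Constructed sample: a trusted site that embeds frames from other origins.
const trusted = ["example.com", "https://login.partner.test"];
const sampleFrames = [
  ["https://example.com/login", "page-load"],
  ["https://accounts.example.com/", "page-load"],
  ["https://evilexample.com/", "page-load"],
  ["https://example.com.attacker.test/", "page-load"],
  ["https://ads.attacker.test/frame", "manual"],
  ["about:blank", "page-load"],
];
for (const [frameUrl, trigger] of sampleFrames) {
  console.log(frameUrl, trigger, "->", autofillDecision(frameUrl, trusted, trigger));
}
```

The suffix check is anchored on a leading dot because a plain substring or `endsWith(domain)` comparison would treat look-alike hosts as trusted.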