Board: Beginners & Help
Re: Password Managers Vulnerability
by JiiBs on 22/08/2025, 10:08:06 UTC
Then the cyber criminals will overlay fake elements like cookies and banners and even CAPTCHA. And once we fall for clicking the hidden controls, then they can get our sensitive information.

He also demonstrated that the UI follows the mouse cursor; it doesn't matter where you position it, it will still trigger data autofills. So with this kind of attack, criminals can gain access to all stored passwords, credit cards, and personal data (including crypto).

He termed it Document Object Model (DOM)-based extension clickjacking.
I haven’t been a fan of using most of those password managers. I think the most I’ve done is to allow Google to save my password for automatic logins, but this was from a time when I wasn’t conscious of security. Now, I’m always about typing my passwords myself; it reminds the mind what the codes are and it’s safer.

I have had some experiences with these trigger data autofills, and it usually plays out when I’m visiting some streaming sites. You get to click a download button and it redirects to another site or page that is completely different from what you clicked. Other times you find an overlay with a hidden X button, and sometimes it doesn’t show at all. Clicking anywhere on the screen redirects to a different page. Most times, we tend to see this as an aggressive form of advertising, but it poses a huge danger of getting hacked.




https://marektoth.com/blog/dom-based-extension-clickjacking/

And after this exposure, most of the password managers remain vulnerable. And as Mark said, when he reached out to them, they never responded. So this is still a very serious flaw in their systems and hopefully they are going to be patched soon. For sure most of us might have used one or two of those password managers because we think we are safe with them.
So many reds on that chart and their refusal to respond to these concerns only shows just how accurate it could be or they are working behind the scenes to make up for that.