CERT/CC Warns of Clickjacking Flaws in Password Managers (VU#516608)
CERT/CC VU#516608 warns that several popular password manager browser extensions are vulnerable to clickjacking, allowing attackers to trigger credential autofill or data exposure through hidden frames. Vendors are issuing patches, and users should disable automatic autofill where possible.
CORTEX Protocol Intelligence Assessment
Business Impact: Could expose stored enterprise credentials to phishing sites.
Technical Context: DOM clickjacking enables UI redressing of password autofill elements.
Strategic Intelligence Guidance
- Update all browser extensions and password managers.
- Disable automatic autofill in browsers.
- Educate users on credential phishing through embedded frames.
- Use enterprise password vaults with anti-clickjacking defenses.
Intelligence Source: CERT/CC Vulnerability Note VU#516608 – Password Manager Clickjacking | Oct 18, 2025