Description:
A potential security vulnerability has been identified that could affect browser extensions like Kee. The issue involves DOM-based clickjacking attacks where malicious websites could potentially overlay or manipulate extension UI elements to trick users into unintended actions.
Reference:
https://marektoth.com/blog/dom-based-extension-clickjacking/
Potential Impact:
- Malicious websites could potentially overlay Kee's password fill dialogs or UI elements
- Users might be tricked into authorizing password fills or other sensitive actions on malicious sites
- Could lead to credential theft or unauthorized access to password data
Would appreciate investigation and feedback from the development team on current protections against this type of attack vector.
Description:
A potential security vulnerability has been identified that could affect browser extensions like Kee. The issue involves DOM-based clickjacking attacks where malicious websites could potentially overlay or manipulate extension UI elements to trick users into unintended actions.
Reference:
https://marektoth.com/blog/dom-based-extension-clickjacking/
Potential Impact:
Would appreciate investigation and feedback from the development team on current protections against this type of attack vector.