This vulnerability was discovered by security researchers from The Hacker News. The following password managers have affected browser extensions that are based on DOM (Document Object Model):
- 1Password
- Bitwarden
- Dashlane
- Enpass
- iCloud Passwords
- Keeper
- LastPass
- LogMeOnce
- NordPass
- ProtonPass
- RoboForm
Passkeys don’t seem vulnerable to this. Why we still have username/password combos in 2025 is beyond me.Edit: Downvoted myself because I’m obviously wrong.
Passkeys were very much vulnerable, based on the original articles charts.