Passkeys under threat: How a clever clickjack attack can bypass your secure login

At DEF CON 33, independent security researcher Marek Tóth revealed a new class of attack called DOM-based extension clickjacking that can manipulate browser-based password managers and, in limited scenarios, hijack passkey authentication flows. This is not a failure of cryptography itself, but a breakdown in the layers surrounding it.


What is being attacked, and how?

Clickjacking is not new. In its classic form, an attacker loads a target site in a transparent iframe positioned over a decoy page, so that a user who thinks they are clicking a harmless control on the decoy is actually clicking a button on the target site.

What Tóth’s technique adds is a new target: the UI elements that browser extensions inject into web pages, specifically the autofill prompts of password managers. Because the attacker’s script controls the page’s Document Object Model (DOM), it can restyle those injected elements, for example by setting their opacity to zero or covering them with fake elements, so that a user’s genuine click (on an “Accept cookies” button, say) lands on the hidden autofill element instead. The extension then fills the form fields without the user ever seeing a prompt, and the attacker’s script reads the filled values.

In many of Tóth’s tests, a single click was enough to leak credentials, TOTP codes (2FA), credit card information or personal data. In some setups, passkey workflows could also be subverted through “signed assertion hijacking,” provided the server did not bind its authentication challenge to the session that requested it.
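The mechanics above, as an added example written for this page (it is not code from Tóth’s talk or from any password manager). Both sides are modelled on plain objects so the file runs in Node without a browser: the attacker page restyles the extension’s injected prompt as it appears, and the extension’s content script refuses to fill unless the prompt was genuinely visible at the click point. The object shapes (style, addedNodes), the isExtensionNode callback and the pm- prefix are assumptions standing in for real DOM objects, MutationRecords, getComputedStyle() and elementFromPoint().

```javascript
// Added example, not code from the article or from any vendor. Models DOM-based
// extension clickjacking (attacker side) and a visibility gate (extension side) on
// plain objects so it runs in Node. `style` stands in for a CSSStyleDeclaration,
// `addedNodes` for a MutationRecord, `chain` for the getComputedStyle() results of
// the prompt and its ancestors, and `topAtPoint` for document.elementFromPoint().

// --- Attacker page --------------------------------------------------------------
// The page cannot script the extension, but it owns the document the extension
// injects its prompt into. Given the on-screen rectangle of a decoy control (an
// "Accept cookies" button, say), this style makes the prompt invisible yet clickable,
// sitting exactly under the decoy so the user's click lands on it.
function clickjackStyleFor(decoyRect) {
  return {
    position: 'fixed',
    left: `${decoyRect.x}px`,
    top: `${decoyRect.y}px`,
    width: `${decoyRect.width}px`,
    height: `${decoyRect.height}px`,
    opacity: '0',           // invisible, but opacity:0 elements still receive clicks
    pointerEvents: 'auto',
    zIndex: '2147483647',   // stacked above the decoy so the click hits the prompt
  };
}

// Applies that style to every newly inserted node the page recognises as the
// extension's. In a browser this is the MutationObserver callback on document.body.
function hijackInjectedPrompts(mutationRecords, isExtensionNode, decoyRect) {
  const hijacked = [];
  for (const record of mutationRecords) {
    for (const node of record.addedNodes) {
      if (isExtensionNode(node)) {
        Object.assign(node.style, clickjackStyleFor(decoyRect));
        hijacked.push(node);
      }
    }
  }
  return hijacked;
}

// --- Extension content script ---------------------------------------------------
// Before filling anything in response to a click on its prompt, the extension checks
// that the prompt was actually visible to the user. `chain` is the prompt followed by
// its ancestors, innermost first: a hidden ancestor hides the prompt too, so every
// element in the chain is inspected. `topAtPoint` is the element at the click
// coordinates; anything other than the prompt means something was overlaid on it.
function isPromptGenuinelyVisible(chain, topAtPoint) {
  for (const el of chain) {
    const s = el.style;
    if (parseFloat(s.opacity ?? '1') < 0.99) return false;        // the opacity:0 trick
    if (s.visibility === 'hidden' || s.display === 'none') return false;
    if (s.pointerEvents === 'none') return false;                  // click would fall through
    if (s.clipPath && s.clipPath !== 'none') return false;          // clipped away
  }
  return topAtPoint === chain[0];
}

// Gate for the fill action: only a trusted user gesture (event.isTrusted in a real
// content script) on a visibly rendered prompt may trigger autofill.
function shouldAutofill(chain, topAtPoint, userInitiated) {
  if (!userInitiated) return { fill: false, reason: 'no trusted user gesture' };
  if (!isPromptGenuinelyVisible(chain, topAtPoint)) return { fill: false, reason: 'prompt hidden or overlaid' };
  return { fill: true, reason: '' };
}

// Demo on constructed test doubles: the attacker's mutation handler fires as the
// prompt is inserted, and the extension's gate then declines to fill.
function demo() {
  const body = { id: 'body', style: {} };
  const prompt = { id: 'pm-autofill-prompt', style: {} };
  hijackInjectedPrompts([{ addedNodes: [prompt] }], n => n.id.startsWith('pm-'),
                        { x: 120, y: 480, width: 160, height: 44 });
  return shouldAutofill([prompt, body], prompt, true);
}
```

The gate is a heuristic, not a proof: a page can also hide an element with transforms, filters or off-screen positioning, and it can always restyle anything that lives in its own DOM. That is why the firmer defence is the one the user advice below gives, namely filling only through the extension’s own menu rather than in response to clicks inside the page.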


How serious is the exposure?

Tóth examined 11 popular password-manager extensions (such as Bitwarden, 1Password, LastPass, iCloud Passwords). All were vulnerable under default settings to at least one variant of the attack. 

Among the risks:

Credential theft: Usernames, passwords and even stored TOTP codes could be auto-populated and exfiltrated. 

Credit card data: Autofill of payment fields (card number, expiration, CVV) was exposed in several tests. 

Passkey hijack: If the relying party’s server does not bind the challenge to the session that requested it, an attacker controlling a page could co-opt a passkey login request and redeem the signed assertion elsewhere. 

Some vendors have already released patches. For example, Enpass addressed clickjacking in browser extensions in version 6.11.6. Other tools remain at risk under certain configurations. 


Why this doesn’t mean cryptographic failure

It is critical to clarify: the underlying passkey standards (WebAuthn and the FIDO protocols) were not broken. The attack targets the implementation and environment around them, namely the way a browser extension’s UI interacts with the page. The exploit is possible only when the extension injects its own elements into the page DOM, where the attacker’s script can manipulate them. 

In other words, passkeys are strong in theory. But every layer above them (browser, extension, site) must preserve its integrity, or the login can be defeated without touching the cryptography.


What users and organizations must do

Users should:

1. Update your browser and your password-manager extensions immediately; enable auto-update.

2. Disable inline autofill where possible; prefer manual copy-paste or invoke filling only through the extension’s menu.

3. On Chromium-based browsers, set the extension’s site access to “On click” rather than “On all sites,” so it cannot inject into a page until you invoke it.

4. Remove or disable unused extensions.

5. For high-value accounts, prefer platform-native passkey or hardware-backed authenticators rather than extension-based credentials.


Organizations should:

• Audit extension policies and restrict installs to an allowlist of vetted extensions.

• Enforce secure practices on web apps (e.g., session-bound, single-use challenges for passkey logins, with the origin in the signed client data checked against the expected origin).

• Encourage or mandate the use of vetted and updated password-management tools.


This disclosure is a reminder that security is a chain: cryptographic strength counts for little when a weaker link surrounds it. Passkeys are an important evolution beyond passwords, but until every layer (browser, extensions, applications) is hardened, risk remains. Act now, before attackers exploit complacency.

