Password managers Bitwarden and Dashlane have fixed a bug that allowed users to accidentally enter passwords on sandboxed sites. Safari was also vulnerable; it is unknown if Apple has fixed its browser.
Bitwarden has fixed its software and Dashlane notes that it did not see a critical problem in the bug found by Google researchers , The Daily Swig reports . Due to the bug, the password managers mistakenly entered the passwords on unsafe sites, Google says . As a result, those passwords could end up in the wrong hands. It is unknown if the vulnerability has been actively exploited.
Google published the leak last week, three months after it notified affected password managers. Other password managers such as LastPass and 1Password did not have the bug, and browsers Edge and Chrome were not vulnerable either, Google says. Password managers shouldn’t automatically fill in passwords when a page or form is sandboxed, and many password managers do.
