Some progress has been made with various Password Managers, sadly not all. Here is the current status.

Who has fixed it

• Dashlane: Smart Extension v6.2531.1 (Aug 1). Update in your store.

• Keeper: Extension fixes in v17.1.2 and hardening in v17.2.0.

• NordPass, Proton Pass, RoboForm: Vendors state patched. Check latest extension.

• Bitwarden: v2025.8.0 contains the fix. Make sure your store shows that version.

• Enpass: Release notes say Chrome v6.11.6 fixed clickjacking (others may lag). Verify per-browser.

Who hasn’t (or not fully)

• 1Password: No comprehensive extension patch; added a user-prompt mitigation.

• LastPass: No fix yet.

• LogMeOnce: No response reported.

• Apple iCloud Passwords extension (Chrome/Edge/Firefox): Listed as vulnerable.

Special note RE: Apple iCloud Passwords

• Safari on macOS/iOS: Keep using it. Safari’s built-in passwords are not the

  extension being targeted. Regardless I have turned off autofill.

• Other browsers: Unload/disable “iCloud Passwords” extensions until Apple patches. It is not safe yet.

• Make sure your Apple Devices are FULLY CURRENT and patched. There were important updates yesteday for other Zero Day vulnerabilities.