A question about security fix for auto-filling into web pages with CSP sandbox

Hello, folks.

I’m a newbie here, just wanted to clarify one thing about the security fix that was implemented for subj.

Frankly, I’m not sure that I understand why this case poses a security risk for the password manager’s browser extension. Web pages with the CSP sandbox property have got even stronger protection against scam activity, and what are the connections between this CSP directive and the security restrictions that are imposed on in-browser password managers? The research also mentions that such web pages are always classified as untrusted, it’s also unclear… Thank you in advance.

A post was merged into an existing topic: Google-discovered vulnerability in Bitwarden

@Artem_Baranov Welcome to the forum! I moved your question into an existing thread on the same topic.