I cannot vote for anything because they restrict new accounts. I made an account exclusively to raise this issue.
The article itself does not say the attack can solely be triggered by a click. If that is true, why do his test forms still steal data when using keyboard shortcuts?
The post I am referring to where bitwarden devs claimed it was fixed when it was not was on the reddit community. They made a patch within 2ish weeks, said it was fixed and then the community found it was not actually fixed and they revised their statement to say it fixed most kinds of clickjacking attacks.
Yet to this day, bitwarden latest version is suspectable to the original clickjacking methods discovered in the research back from August of last year. “Fixed in most cases” does not seem accurate when the original security issue wasn’t even addressed…