As already said, the fix was in 2025.8.1, with the description:
Do not render the inline autofill menu if the page has an open popover window
This changelog description is both helpful and not helpful:
- There is a surprising detail of what the fix strategy was
- I wouldn’t know, unless I know beforehand, that this is a security fix, important or not, critical or not.
So it would be nice if “security” fixes were communicated more clearly, even in the changelog (where people might be evaluating builds).