this post was submitted on 20 Aug 2025
32 points (100.0% liked)

Pulse of Truth


Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and won't be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.


Six major password managers with tens of millions of users are currently vulnerable to unpatched clickjacking flaws that could allow attackers to steal account credentials, 2FA codes, and credit card details. [...]

top 3 comments
voracitude@lemmy.world 3 points 1 week ago

Unpatched clickjacking flaws

This isn't news. The "unpatched flaws" are in the browser extensions, and are due to the nature of browser extensions rather than the software the extension talks to, which means they can't be patched.

If you want to mitigate your exposure to this, don't use the browser extension - which has always been true.

FailBetter@crust.piefed.social 2 points 1 week ago

I know you said just don't use the extension, but I'm a dolt. Is there a safest alternative method of use for me? Like am I better off only using a pass manager app on my phone?

voracitude@lemmy.world 2 points 6 days ago

Nah you'll be alright, using the desktop app is fine; the attack works by first having you go to a compromised page, and then the page has some code to trick the password manager into auto filling your details without your consent or knowledge.

1Password's extension pops up a notice when filling some sensitive data and that notice cannot be hidden by the page you're on, like credit card data and maybe personal ID information, but regular passwords and 2FA don't have that confirmation. Can't speak for other managers on that, but generally if you just don't use the extension and instead manually copy and paste from the password manager, you're immune to this attack.