29 Dec Browsers Login Manager Flaw May Compromise Usernames and Passwords
Princeton University researchers recently identified a security flaw in login managers which may allow advertising and analytics firms to secretly extract a user’s login credentials.
The exploit uses invisible login fields which the login managers automatically fill in. The malicious script then sends back the information to a third party server. Hackers started using this exploit around a decade ago, however, the researchers say they found services such as Adthink (audienceinsights.net) and OnAudience (behavioralengine.com) using such a script to extract usernames and emails, but not passwords.
Source: Bleeping Computer