DOM-based extension clickjacking: What Workspace users need to know

When it comes to cybersecurity, even “old” threats have a way of reinventing themselves. That’s exactly what happened at DEF CON 33 (August 9, 2025), where researcher Marek Tóth unveiled a new DOM-based extension clickjacking technique that can impact multiple password managers’ browser extensions.

The good news? Remote Desktop Manager (RDM) is not affected, and the Workspace browser extension is already hardened with new protections. Let’s walk through what happened, what we’ve done, and what you can do to stay safe.

Quick Summary (TL;DR)

• A new DOM-based extension clickjacking attack was publicly demonstrated by Marek Tóth.
• RDM desktop and Workspace desktop/mobile apps are not affected.
• The Workspace browser extension was impacted, but we quickly rolled out layered mitigations:
  • Opacity/visibility tamper detection
  • Top-layer (Popover) occlusion checks
• Workspace’s safer defaults already reduce risk:
  • Autofill on page load is OFF by default
  • Host-level URL matching is the default mode
• What you should do: Update the Workspace extension, keep “autofill on load” disabled unless necessary, and consider stricter URL matching for sensitive sites.

What Happened at DEF CON

Marek Tóth’s DEF CON talk revealed how attackers can trick users into clicking on invisible extension UI layered inside webpages. These legitimate clicks — like dismissing a dialog — could unintentionally trigger autofills.

The research was responsibly disclosed to some vendors in April 2025, and publicly shared in August 2025. Since Workspace wasn’t on PCMag’s “Best Password Managers” list (the researcher’s test pool), we weren’t initially notified.

Coverage quickly followed across the industry:

• SecurityWeek
• The Hacker News

Which Devolutions Products Are Affected?

• Remote Desktop Manager (Windows/macOS/Linux): Not affected
• Workspace desktop & mobile apps: Not affected
• Workspace browser extension: Impacted, but fixed with new safeguards

How the Attack Works

The attack relies on real user clicks. An attacker can make extension UI invisible yet still clickable. When your click lands on this hidden UI, autofill can be triggered.

Because the click is genuine, the browser’s checks (like event.isTrusted) still pass. The researcher documented several tricks:

• Changing opacity/visibility
• Overlaying with the Popover API (top-layer UI)
• Pointer-event manipulation

Scope note: The risk is greater if attackers gain control of a subdomain of a site you have credentials for (e.g., via XSS or subdomain takeover).

Workspace Risk Assessment

Workspace was already ahead of the curve:

• Autofill on load is OFF by default. Autofill requires an explicit user action (click or shortcut). Learn more
• Host-level URL matching. By default, Workspace requires matches at the host level, limiting cross-subdomain exposure. Learn more

That said, since DOM tampering can still trick users, we added extra defense-in-depth protections.

What We Changed

We added two key safeguards in the Workspace browser extension:

1. Opacity/visibility tamper detection

   • If autofill UI is made transparent or hidden by the page, Workspace immediately dismisses it and refuses to fill.

2. Top-layer occlusion detection

   • If another element overlays the autofill menu, Workspace closes the UI and blocks filling.

In short: if Workspace can’t confirm the UI is safely visible, it won’t fill.

What You Should Do

To minimize risk, here’s what we recommend:

1. Update the Workspace extension to the latest version (2025.2.5.0 and above).
2. Keep “Autofill on load” disabled (default). Only enable it if absolutely necessary. Learn more
3. Use stricter URL matching (e.g., Exact for admin consoles). Learn more
4. Optional advanced step: Configure the extension in Chrome/Edge for “On click” site access for high-risk browsing. Marek Tóth
5. Practice browsing hygiene: Update browsers/extensions regularly, avoid shady overlays, and don’t install untrusted add-ons.

Timeline

• April 2025: Private disclosure to selected vendors
• August 9, 2025: DEF CON talk & blog publication
• Late August 2025: Industry-wide press coverage
• August 26, 2025: Workspace extension internally fixed
• September 8, 2025: Public release of fixed version (2025.2.5.0)

Our Take on the Root Cause

This research is a reminder that clickjacking isn’t dead — it’s evolving. Any extension that injects UI into arbitrary webpages will face risks from hostile DOM and CSS.

While our mitigations make Workspace more resilient, the long-term fix must come at the browser level (e.g., reliable APIs to prevent UI occlusion). We support that direction and will keep adapting.

A Note on Autofill on Load

This feature is disabled by default — and we strongly recommend leaving it that way. If a site you trust gets compromised, autofill-on-load could silently hand over credentials. Enable it only if you have a clear, controlled need.

Acknowledgments

A big thank you to Marek Tóth for his research and responsible disclosure. For the full technical breakdown and vendor responses, see his write-up.

Stay Informed

• Get security advisories: Subscribe here
• Report a vulnerability: Visit our security page

Final Thoughts

Security research like this reminds us that threats evolve — and so must defenses. We’re proud that Workspace’s safer defaults already offered protection, and we’ve gone further with new safeguards to protect our users.

As always, keep your extensions updated, follow our best practices, and let’s keep building security together.