Browser: Invasive when not even in use
When using the Chrome browser extension, when you click on a checkbox on the page the element gets a:
data-com.bitwarden.browser.user-edited="yes"
Attribute added to it.
This page has:
- NO credentials on it (no password input, it's a contact form, not a login form)
- Bitwarden is not in use or been interacted with manually at all.
So my question is, isn't this a bit invasive? Why is Bitwarden seemingly interested in form elements on a page that it should have no business in? It get's me worried.
IMO, Bitwarden should only ever initialise MINIMAL code in order to determine if the page contains a form with credentials. In all other instances, there should be no code or invasive elements or listeners added to the page.
garygreen
All 4 comments
You can view the autofill code that does this here:
https://github.com/bitwarden/browser/blob/master/src/content/autofill.js
kspearrin
on 12 Sep 2018
It even does it when your using something like CodePen:
https://codepen.io/garygreen/pen/aaGBbV
It's pretty ridiculous that it's this invasive.
garygreen
on 12 Sep 2018
I agree this is super annoying. I'm developing a website and bitwarden is modifying my html when I haven't even clicked on the bitwarden plugin and the page itself has zero password fields on it.
mirraj2
on 17 Feb 2019
@kspearrin any news on this? I still find it a bit concerning how much Bitwarden chrome extension interferes with all pages. It should only inject/enable the most minimal amount of code when it needs to, not on every page load.
garygreen
on 12 Apr 2019
Related issues
Attoy
路
3Comments
ollieh
路
6Comments
mkuhring
路
5Comments
blockloop
路
6Comments
madranet
路
4Comments
Most helpful comment
It even does it when your using something like CodePen:
https://codepen.io/garygreen/pen/aaGBbV
It's pretty ridiculous that it's this invasive.