3.11.9 Release Notes
Release Date: November 18, 2025
Improvements
-
Added protection against clickjacking attacks that use invisible or hidden layers, as demonstrated at Def Con 33. Added an optional warning (disabled by default) when any page layer covers Web Password Filler; this may trigger on harmless site changes, but existing protections block all known attack versions. (ref: 673136)
Fixed Issues
-
Fixed an issue where a field on a non-login form was getting autofilled. (ref: 660330)
-
Resolved an autofill issue on https://q2console.okta.com. (ref: 671995)
-
Resolved an issue where the error message “Unable to autofill secret from selected secret” appeared when launching a URL list. (ref: 673235)
-
Fixed an issue where checking all user input fields on some pages with thousands of fields led to performance issues. (ref: 678140)
