keepassxc-browser icon indicating copy to clipboard operation
keepassxc-browser copied to clipboard

Published 20 hours ago verified publisher icon keepassxreboot

A naive question about security

Open benji1000 opened this issue 5 months ago • 9 comments

Hello,

I just recently started using the KeePassXC browser extension. It works great, but I'm wondering something about security. What's preventing a malicious website to query the extension to obtain database entries? What are the mechanisms in place to prevent the extension from being arbitrarily queried for credentials and coerced into fetching and giving to the website?

If the answer to this question does exists already, could you point me to it (I couldn't find it), and maybe it could be displayed more prominently somewhere in the docs? Maybe even right in the Readme file, with a "Security" section for example. It could help regular users understand and use the extension, as well as security-conscious and tech-savvy users.

Thank you for your answer 🙂

benji1000 avatar Mar 05 '24 10:03 benji1000