Highly requested by the Bitwarden community, the new inline auto-fill menu greatly enhances the user experience, enabling users to fill login credentials faster than ever.
There might be a vulnerability if the attacker controls one part of a website and can embed a form there. Then the password safe might enter and send the data to the attacker.
I don’t think that this is a very likely attack, but at least in theory this could work.
Edit: Bitwarden protects against such attacks:
The auto-fill menu will only fill credentials when a user selects a form field they want to interact with. This protects users from potentially malicious form fields or web pages and ensures sensitive information will never be populated without user knowledge.
if I’m entering my details on a phishing website anyway, it shouldn’t really matter wether or not I typed it in or used Autofill, right?
There might be a vulnerability if the attacker controls one part of a website and can embed a form there. Then the password safe might enter and send the data to the attacker.
I don’t think that this is a very likely attack, but at least in theory this could work.
Edit: Bitwarden protects against such attacks:
If an attacker can control the content delivered from a valid domain’s web server, nothing at all is going to protect you.