Clickjacking: Zoho Vault's Response

Clickjacking: Zoho Vault's Response

Issue: Password manager browser extensions are found to be vulnerable to clickjacking security vulnerabilities that could allow attackers to steal account credentials, TFA codes, and card details under certain conditions.

Reported by: Marek Toth, Independent Security Researcher in DEF CON 33 on August 18, 2025.

How does it impact Zoho Vault?
  • The Zoho Vault browser extension will not automatically auto-fill login credentials.
  • It will auto-fill login credentials based on user interaction.
  • For example, when a user lands on xxx.google.com, the Zoho Vault browser extension will list all passwords matching google.com, and the user must manually click on the correct account to log in.
  • There has been minimal impact on login credentials for clickjacking.
Steps taken by Zoho Vault:
  • Our team identified this vulnerability via news on August 20, 2025.
  • On the same day, our team started working on the hot fix for all of the browser extensions and uploaded it to the respective browser stores on August 23, 2025.
  • It was reviewed by the respective stores and released as below:
    • Firefox: August 23, 2025
    • Edge: August 24, 2025
    • Chrome: August 25, 2025
    • Safari: August 26, 2025
  • Users will be automatically moved to the latest version of the browser extension.
  • We have been transparent with our users about the reported issue and have updated them throughout this period.
What is fixed?
  • Fake websites can no longer load Zoho Vault browser extensions' automatically.
  • Fake websites can no longer hide or alter the visibility of Zoho Vault browser extensions.
At Zoho, we care about our users' security and privacy. If you have any questions regarding this issue or need any assistance, write to support@zohovault.com.
    • Sticky Posts

    • Free webinar—Redefining workforce security with Zoho Vault: Passwords, passkeys, and multi-factor authentication

      Hi everyone! Did you know that in Q2 alone, 94 million data records were leaked globally? Behind every breach is a combination of poor password habits, phishing attacks, privilege misuse, and simple human error. The fallout—including reputational damage,
    • Introducing SecureForms in Zoho Vault

      Hey everyone, Let’s face it—asking someone to send over a password or other sensitive data is rarely straightforward. You wait. You nudge. You follow up once, twice—maybe more. And when the information finally arrives, it shows up in the worst possible
    • Join our World Password and Passkey Day expert Q&A 2025

      Hey everyone! World Password and Passkey Day is almost here, and there's no better time to talk about something we all rely on daily—secure authentication. Did you know that a staggering 60% of hacking-related breaches are tied to weak or stolen passwords?
    • Zoho Vault: A look at what's new for iOS, iPadOS, and macOS

      Hi everyone, At Zoho Vault, we constantly aim to improve your security experience. Based on both internal and external feedback, we have recently rolled out updates across our iOS, iPadOS, and support for macOS platforms. Introducing the desktop app for
    • iOS 12 update: Introducing autofill passwords and Siri Shortcuts in Zoho Vault

      With this iOS 12 release, Zoho Vault users can now autofill usernames and passwords on Safari and other third-party apps. Users can enjoy a seamless login experience to their everyday apps without compromising security and also access passwords stored in Zoho vault with Siri Shortcuts by adding personalized phrases. How to enable autofill password on your iOS device? First, you need to update your device to iOS 12.  Apple recommends you to take a backup before you update your device to the latest
    • Recent Topics

    • New portal SAML authentication error: User not found

      Dears, Has anyone else been experiencing this lately? I am creating a new portal authenticated by SAML (Entra ID). I followed the same process as I did with other portals, but any new portal created after this always encounters this error. I’ve been reporting
    • Devis et facture multi page

      Bonjour, je suis sur Zoho invoice et je rencontre un problème sur mes devis et factures lorsqu'ils dépassent 1 page. je me retrouve souvent avec des lignes coupées ou le sous total page 1 et le total page 2. j'aimerai savoir s'il existe une possibilité
    • Rotate an Image in Workdrive Image Editor

      I don't know if I'm just missing something, but my team needs a way to rotate images in Workdrive and save them at that new orientation. For example one of our ground crew members will take photos of job sites vertically (9:16) on his phone and upload
    • Help with Filtering Records, HTML Pages, and Automatic File Uploads in Zoho Creator

      Hi Zoho Creator Community, I’m building a Zoho Creator application and need guidance on a few features I’ve been struggling with. I want to implement them safely and efficiently, and I’d appreciate any examples, tips, or best practices. I want users to
    • How to Send Email from within a custom module (with or without an email template)

      It is possible to send an email from the Deals module. However, I can't find a way to send an email from any of our custom modules. I have tried adding an email field to the modules (even though we don't really want one or need it there). That doesn't
    • Convert invoice from zoho to xml with all details

      How to convert an Invoice to XML format with all details
    • Signature issue

      Problem: The signature does not appear when replying or forwarding an email. solve issue: settintgs/Signature Check option place a signature above the content with quotation marks
    • Feature Suggestion for Zoho Websites – Inspired by Squarespace Systems

      Dear Zoho Team, I’m a Zoho user and also a Squarespace Platinum Circle member, and I recently noticed the launch of Zoho Websites in India. I wanted to share some ideas for features that could enhance the platform for professional users and agencies.
    • Custom View - Sort by Custom Field

      I created a custom field for our Engineering team to know which tickets to work first by numbering them.  I created a custom view to general data which includes the Engineering Priority.  However, I cannot sort the Engineering Priority column ascending
    • Zoho Indeed Intergation not pulling candidate details

      We have recently integrated zoho with indeed. Prior to this our candidates came into the candidates tab via the zoho.resumes email address from indeed and it pulled through the candidates mobile number, and majority of the time a postcode. However since
    • Custom View of tickets created today

      How can I create a custom view that list all my ticked created in the current date? Currently, if I select the "Created Time" criteria, the "Current Time" option does not work as today. Actually, I don't know how it works this "Current Time".
    • Lifecycle Reports

      From data to decisions: A deep dive into ticketing system reports A lifecycle report captures and visualises the sequential states that a ticket undergoes across its lifespan. For instance, when a customer submits a support ticket for a faulty product,
    • Zoho Forms - Print Button on Forms

      Hi Forms team, I'm replicating a form for a client which is currently based on JotForm. I noticed that at the end of the form there is a button to print the completed form. I thought this would be something worth sharing and a nice to have in Zoho Forms.
    • Putting Watermark on Zoho Sheet

      Can this be done?
    • Validation function not preventing candidates under 18 or over 30 from submitting the web form

      Hello everyone, I’m trying to create a validation rule for the Candidate Webform in Zoho Recruit. I added a custom field called “Date of Birth”, and I want to make sure that candidates cannot submit the form unless their age is between 18 and 30 years.
    • Report to know the history of certain Tickets on Desk

      Hi there guys, As the title implies we're wondering if there's any way to get some kind of Report that allows us to check the History of various Tickets at the same time since as of today if we want to know that we have to check them 1 by 1 which is not
    • IMAP Migration from Gmail

      I have been trying to import my email from a Gmail server and keep receiving the following error. I have reduced the security, activated imap and no improvement. The link to the Google support item has not helped. Unable to connect to your account. Please
    • Advanced Usage Billing: Prepaid with Drawdown

      Picture yourself at your favourite coffee shop, Bean & Brew. You come by every morning for your usual cappuccino, and occasionally you get an extra cold brew and a muffin or two in the afternoon. Interestingly, Bean & Brew has a new idea of offering a
    • Zoho Commerce in multiple languages

      When will you be able to offer Zoho Commerce in more languages? We sell in multiple markets and want to be able to offer a local version of our webshop. What does the roadmap look like?
    • Urgent Zoho Creator down!!!???

      Now my zoho creator faced this issue. Anyone has idea? Urgent!!!
    • The Social Wall: September 2025

      Hello everyone, As we step into the fall season, some major updates are on the horizon. Meanwhile, here are the exciting updates we rolled out this September. Approvals in iOS Managing approvals just got more seamless on mobile. With this update, the
    • Introducing Detailed View for Candidates in Vendor Portal

      We’ve added a new Details sub-tab inside the Vendor Portal to help vendors easily view complete candidate information after submission. With this update, vendors can now access all candidate details, from personal information to associated job openings,
    • Zoho One Down

      Zoho Team, Checking if when the services up - currently Zoho One is down
    • Weekly Tips : Customize your Zoho Mail Notifications

      In a professional context, email communication remains one of the most crucial channels for staying connected and managing workflows. Keeping track of your emails, task updates, or important announcements can be overwhelming—especially if you are juggling
    • How can I track which zoho users are actively using Zoho CRM

      I have several licenses of Zoho CRM. We now need to add a new user. I could purchase a new license, but before I do, I would like to see if any of our existing users are not actively using the license assigned to them. How can I determine the activity
    • Access to Detail View From HTML Snippet

      Zoho Creator displays a detail view that slides out from the right onClick of a record in a report. Am I able to access that detail view from an html snippet, e.g. click a record in a list and display the detail view? The zc_LoadIn dialog is a bit clunky,
    • Billing Management: #10 Solving Common Mistakes in Billing

      Over the past few weeks, we have explored different facets of billing, from the simplicity of traditional one-time billing to the evolving landscape of subscriptions, retainers, and usage-based models. We've unpacked how billing isn't just about sending
    • 【開催間近 - 10/17】東京 ユーザー交流会 Vol.3 参加登録 受付中!(参加無料)

      ユーザーの皆さま、こんにちは。コミュニティチームの藤澤です。 10/17(金)に、東京・新橋で「東京 ユーザー交流会 Vol.3」を開催します! ZOHOLICSよりも小規模なイベントですので、「リアル開催はちょっと緊張する…」という方も、安心してご参加いただけます✨ 当日は、初公開の事例を2つご紹介予定です! なお、セッション映像のアーカイブ配信は予定していないため、会場にお越しいただいた方だけが、登壇者へ直接質問したり、リアルな声を聞いたりできる貴重な機会となっています。 ーーーーーーーーーーーーーーーーーーーーーーーーーーーーーーーーーーーーーーーーーー
    • Loading CSS Stylesheets into HTML Snippet

      Combining html/css into a single snippet can grow quite large for a UI that has a lot of functionality/styling. To keep things tidy, are we able to pull files into an html snippet using a <link> tag? If so, what are some best practices?
    • Notes Attachments

      Two things it would be nice to have the attachment size the same as the attachments sections and it would be nice to be able to attach links like you can in the attachments section. Thank you
    • Canvas: empty images

      Hello. If I add an image field like contact photo in a Canvas design, and the field is empty, there is an ugly placeholder in its place. This doesn't happen in the standard view. In the standard view, if the contact photo is empty, nothing appears in
    • Google enhanced conversions not working

      Hi guys, I've connected Zoho CRM through Google Ads interface with the goal to setup the enhanced conversion tracking in Google Ads. I have to Zoho related conversion goals which you can see in the images below: For the conversion goal above I've setup
    • MS Teams Meeting to Zoho CRM

      Has anyone figured out a good way to push MS Teams meeting info on a trigger of "meeting end" to Zoho CRM? We're looking for a way to take attendees of a meeting and meeting duration and push it into Zoho CRM after the meeting has ended. If I can just
    • Font Size 11 - Zoho CRM Email Templates

      Our company communicates with our vendors exclusively using Calibri Font Size 11, as this is the standard formatting for professional emails. Since the CRM only allows for the selection of font sizes 10 & 12, we have been unable to utilize the CRM email
    • Calling Function via REST API with API Key gives 401 using Zoho Developer

      Hi, I created a couple of functions using the one month trial of Enterprise edition, which I was able to call using the API Key method from Postman and from an external site. Now that my trial has expired, I have created the same functions in the Developer
    • How do I move a section or element from one page to another in the NEW Zoho Sites UI

      I have a section on my home page with numerous elements within it and I'd like to move the entire section to a different page on my site so I don't have to recreate it from scratch.  Is there a way for me to do that easily? I could use a quick answer on this please.
    • Zoho Projects app update: Global Web Tabs support

      Hello everyone! In the latest version(v3.10.10) of the Zoho Projects app update, we have brought in support for Global Web Tabs. You can now access the web tabs across all the projects from the Home module of the app. Please update the app to the latest
    • Export as MP4 or GIF

      Hi, Just wondering if there's a way to export/convert a presentation to an MP4 video file or even a GIF. One use case would be to use the animation functionality to create social media graphics/charts/gifs/videos. Thanks for a great tool... Rgds Jon
    • Page Layout- Horizontal Rule

      When editing the layout of, for instance, the Potentials page, is there a way to insert a horizontal rule or white space in between fields?  I'd like to keep a group of fields in the same Section, but would like to create some seperation in order to further group together certain fields within the Section.  If this is not possible, does anybody have any other suggestions on how to create this same effect?   Thank you!
    • Zoho Books will discontinue support for older browser versions soon

      Hello users, Starting from May 15, 2024, Zoho Books will no longer support the following browser versions: Browsers Version Restrictions Firefox Browser Versions older than 100 Google Chrome Versions older than 100 Microsoft Edge Versions older than 100
    • Next Page