Clickjacking: Zoho Vault's Response

Clickjacking: Zoho Vault's Response

Issue: Password manager browser extensions are found to be vulnerable to clickjacking security vulnerabilities that could allow attackers to steal account credentials, TFA codes, and card details under certain conditions.

Reported by: Marek Toth, Independent Security Researcher in DEF CON 33 on August 18, 2025.

How does it impact Zoho Vault?
  • The Zoho Vault browser extension will not automatically auto-fill login credentials.
  • It will auto-fill login credentials based on user interaction.
  • For example, when a user lands on xxx.google.com, the Zoho Vault browser extension will list all passwords matching google.com, and the user must manually click on the correct account to log in.
  • There has been minimal impact on login credentials for clickjacking.
Steps taken by Zoho Vault:
  • Our team identified this vulnerability via news on August 20, 2025.
  • On the same day, our team started working on the hot fix for all of the browser extensions and uploaded it to the respective browser stores on August 23, 2025.
  • It was reviewed by the respective stores and released as below:
    • Firefox: August 23, 2025
    • Edge: August 24, 2025
    • Chrome: August 25, 2025
    • Safari: August 26, 2025
  • Users will be automatically moved to the latest version of the browser extension.
  • We have been transparent with our users about the reported issue and have updated them throughout this period.
What is fixed?
  • Fake websites can no longer load Zoho Vault browser extensions' automatically.
  • Fake websites can no longer hide or alter the visibility of Zoho Vault browser extensions.
At Zoho, we care about our users' security and privacy. If you have any questions regarding this issue or need any assistance, write to support@zohovault.com.


      • Sticky Posts

      • iOS 12 update: Introducing autofill passwords and Siri Shortcuts in Zoho Vault

        With this iOS 12 release, Zoho Vault users can now autofill usernames and passwords on Safari and other third-party apps. Users can enjoy a seamless login experience to their everyday apps without compromising security and also access passwords stored in Zoho vault with Siri Shortcuts by adding personalized phrases. How to enable autofill password on your iOS device? First, you need to update your device to iOS 12.  Apple recommends you to take a backup before you update your device to the latest

      • Zoho Vault: A look at what's new for iOS, iPadOS, and macOS

        Hi everyone, At Zoho Vault, we constantly aim to improve your security experience. Based on both internal and external feedback, we have recently rolled out updates across our iOS, iPadOS, and support for macOS platforms. Introducing the desktop app for

      • Join our World Password and Passkey Day expert Q&A 2025

        Hey everyone! World Password and Passkey Day is almost here, and there's no better time to talk about something we all rely on daily—secure authentication. Did you know that a staggering 60% of hacking-related breaches are tied to weak or stolen passwords?

      • Introducing SecureForms in Zoho Vault

        Hey everyone, Let’s face it—asking someone to send over a password or other sensitive data is rarely straightforward. You wait. You nudge. You follow up once, twice—maybe more. And when the information finally arrives, it shows up in the worst possible

      • Free webinar—Redefining workforce security with Zoho Vault: Passwords, passkeys, and multi-factor authentication

        Hi everyone! Did you know that in Q2 alone, 94 million data records were leaked globally? Behind every breach is a combination of poor password habits, phishing attacks, privilege misuse, and simple human error. The fallout—including reputational damage,

        • Recent Topics

        • Transfer ownership of files and folders in My Folders

          People work together as a team to achieve organizational goals and objectives. In an organization, there may be situations when someone leaves unexpectedly or is no longer available. This can put their team in a difficult position, especially if there

        • What are the create bill API line item requiered fields

          While the following documentation says that the line items array is requiered it doesn't say what if any files are requiered in the array. Does anyone know? API documentation: https://www.zoho.com/inventory/api/v1/bills/#create-a-bill I'm trying to add

        • Free Webinar: Zoho Sign for Zoho Projects: Automate tasks and approvals with e-signatures

          Hi there! Handling multiple projects at once? Zoho Projects is your solution for automated and streamlined project management, and with the Zoho Sign extension, you can sign, send, and manage digital paperwork directly from your project workspace. Join

        • Customer ticket creation via Microsoft Teams

          Hi all, I'm looking to see if someone could point me in the right direction. I'd love to make it so my customers/ end users can make tickets, see responses and respond within microsoft teams. As Admin and an Agent i've installed the zoho assist app within

        • Is there a way to update all the start and end dates of tasks of a project after a calendar change?

          Hi! Here's my situation. I've built a complete project planning. All its tasks have start dates and due dates. After completing the planning, I've realized that the project calendar was not the right one. So I changed the project calendar. I now have

        • How to update task start date when project start date changes?

          Hi there, When the start date of a project changes, it's important to update the start dates of the tasks associated with that project to reflect the new timeline. Is there a way to shift the start date of all project tasks when the start date of a project

        • Uplifted homepage experience

          Hello everyone, Creating your homepage is now much easier, more visual, and more impactful. Until now, your homepage allowed you to display custom views, widgets, analytic components, and Kiosk. With the following improvements, the homepage is now a smarter,

        • Issue with Picklist Dropdown Not Opening on Mobile

          Hello I am experiencing an issue with picklist values on mobile. While the arrow is visible, the dropdown to scroll through the available values often does not open. This issue occurs sporadically, it has worked occasionally, but it is very rare and quite

        • using the client script based on the look up filed i wnat to fetch the record details like service number , service rate

          based on selected service look up field iwant to fetch the service serial number in the serice form how i achive using client script also how i get the current date in the date field in the on load of the form

        • Zoho Books/Square integration, using 2 Square 'locations' with new Books 'locations'?

          Hello! I saw some old threads about this but wasn't sure if there were any updates. Is there a way to integrate the Square locations feature with the Books locations feature? As in, transactions from separate Books locations go to separate Square locations

        • Add zoho calendar to google calendar

          Hi I keep seeing instructions on how to sync Zoho CRM calendar with google calendar but no instructions on how to view Zoho calendar in my google calendar.

        • Zoho Commerce - How To Change Blog Published Date and Author

          Hi Commerce Team, I'm discussing a project with a client who wants to move from Woo Commerce / Wordpress to Zoho Commerce. They have around 620 blog posts which will need to be migrated. I am now aware of the blog import feature and I have run some tests.

        • Add RTL and Hebrew Support for Candidate Portal (and Other Zoho Recruit Portals)

          Dear Zoho Recruit Team, I hope you're doing well. We would like to request the ability to set the Candidate Portal to be Right-to-Left (RTL) and in Hebrew, similar to the existing functionality for the Career Site. Currently, when we set the Career Site

        • Does zoho inventory need Enterprise or Premium subsrciption to make Widgets.

          We have Zoho One Enterprise and yet we can't create widgets on inventory.

        • Writing by Hand in "Write" Notes

          Hi there! I just downloaded this app a few moments ago, and I was wondering if there was a way to write things by hand in "Write" mode instead of just typing in the keyboard. It would make things a bit more efficient for me in this moment. Thanks!

        • Remove the “One Migration Per User” Limitation in Zoho WorkDrive

          Hi Zoho WorkDrive Team, Hope you are doing well. We would like to raise a critical feature request regarding the Google Drive → Zoho WorkDrive migration process. Current Limitation: Zoho WorkDrive currently enforces a hard limitation: A Zoho WorkDrive

        • How do I add todays date to merge field

          I don't see any selection of todays date when creating a letter.  Surely the date option of printing is standard? John

        • Handling Agent Transfer from Marketing Automation Journey to SalesIQ WhatsApp

          We are currently using Marketing Automation for WhatsApp marketing, and the features are great so far We have a scenario where, during a campaign or journey, we give customers an option to chat with our sales team. For this, we are using SalesIQ WhatsApp

        • Comment to DM Automation

          Comment to DM automation feature in Zoho Marketing Automation, similar to what tools like ManyChat offer. Use case: When a user comments on a social media post (Instagram / Facebook), the system should automatically: Send a private DM to the user Capture

        • ZMA shows as already connected to Zoho CRM, but integration not working

          When I try to connect ZMA with Zoho CRM, it shows as already connected, but the integration doesn’t seem to be working. I’ve attached the screen recording for reference.

        • Automatic Email Alerts for Errors in Zoho Creator Logs

          Hello, We would like to request a feature enhancement in Zoho Creator regarding error notifications. Currently, Zoho Creator allows users to view logs and errors for each application by navigating to Zoho Creator > Operations > Logs. However, there is

        • Can you default reports/charts to report the current week?

          Our data table maintains two years of data. Management wants certain report to automatically filter the report to the latest calendar week. I know I can do this manually with filters but I want the report to automatically default to the latest calendar

        • How can I check all announce?

          Hiii, May I ask how can I check all the announce based on broadcast date instead of reply date based So that I will not will miss out any new function

        • Recurring Automated Reminders

          Hi, The reminders feature in Zoho Books is a really helpful feature to automate reminders for invoices. However, currently we can set reminders based on number of days before/after the invoice date. It would be really helpful if a recurring reminder feature

        • Zobot Execution Logs & Run History (Similar to Zoho Flow)

          Dear Zoho SalesIQ Team, We would like to request an enhancement for Zoho SalesIQ Zobot: adding an execution log / run history, similar to what already exists in Zoho Flow. Reference: Zoho Flow In Zoho Flow, every execution is recorded in the History tab,

        • Importing into Multiselect Picklist

          Hi, We just completed a trade show and one of the bits of information we collect is tool style. The application supplied by the show set this up as individual questions. For example, if the customer used Thick Turret and Trumpf style but not Thin Turret,

        • I need to know the IP address of ZOHO CRM.

          The link below is the IP address for Analytics, do you have CRM's? https://help.zoho.com/portal/ja/kb/analytics/users-guide/import-connect-to-database/cloud-database/articles/zoho-analytics%E3%81%AEip%E3%82%A2%E3%83%89%E3%83%AC%E3%82%B9 I would like to

        • Password Assessment Reports for all users

          I'm the super admin and looking at the reporting available for Zoho Vault. I can see that there is a Password Assessment report available showing the passwords/weak and security score by user. However I'm confused at the 'report generated on' value. Monitor

        • Allow people to sign a zoho form by using esign or scanned signature

          Allow people to sign a zoho form by using esign or scanned signature

        • Can't change form's original name in URL

          Hi all, I have been duplicating + editing forms for jobs regarding the same department to maintain formatting + styling. The issue I've not run into is because I've duplicated it from an existing form, the URL doesn't seem to want to update with the new

        • How to Print the Data Model Zoho CRM

          I have created the data model in Zoho CRM and I want the ability to Print this. How do we do this please? I want the diagram exported to a PDF. There doesnt appear to be an option to do this. Thanks Andrew

        • Setting certian items to be pickup only

          How do we have some items that are pickup only? I have several items in my item's list that I do not ship. But they need to be on the website to be sold, and picked up in store. Need to be able to do this as one of these products is a major seller for

        • Using gift vouchers

          We would like to be able to offer a limited number of gift vouchers, of varying values, to our customers, and are looking for the best way to do this. We have looked at Coupons and Gift Certificates, but neither seem to fit the bill perfectly. Coupons:

        • Automatically updating field(s) of lookup module

          I have a lookup field, which also pulls through the Status field from the linked record. When the lookup is first done, the Status is pulled through - this works perfectly. If that Status is later updated, the lookup field does not update as well. As

        • Zoho Commerce and Third-party shipping (MachShip) API integration

          We are implementing a third-party shipping (MachShip) API integration for our Zoho Commerce store and have made significant progress. However, we need guidance on a specific technical challenge. Current Challenge: We need to get the customer input to

        • Adding custom "lookup" fields in Zoho Customization

          How can I add a second “lookup” field in Zoho? I’m trying to create another lookup that pulls from my Contacts, but the option doesn’t appear in the module customization sidebar. In many cases, a single work order involves multiple contacts. Ideally,

        • Can you import projects into Zoho Projects yet?

          I see some very old posts asking about importing project records into Zoho Projects. But I can't find anything up to date about the topic. Has this functionality been added? Importing tasks is helpful. But we do have a project where importing projects

        • Allocating inventory to specific SO's

          Is there a way that allocate inventory to a specific sales order? For example, let's say we have 90 items in stock. Customer 1 orders 100 items. This allocates all 90 items to their order, and they have a back order for the remaining 10 items which could

        • Introducing Workqueue: your all-in-one view to manage daily work

          Hello all, We’re excited to introduce a major productivity boost to your CRM experience: Workqueue, a dynamic, all-in-one workspace that brings every important sales activity, approval, and follow-up right to your fingertips. What is Workqueue? Sales

        • Zoho Inventory. Preventing Negative Stock in Sales Orders – Best Practices?

          Dear Zoho Inventory Community, We’re a small business using Zoho Inventory with a team of sales managers. Unfortunately, some employees occasionally overlook stock levels during order processing, leading to negative inventory issues. Is there a way to

        • Next Page