A known browser vulnerability exploits the default browser Password manager that abused by third-party scripts and exfiltrate the hidden user identities. An attacker can be successfully gaining the information by tracking script that inserts an invisible login form in the user visiting website that is automatically filled by browser login manager. Tracking scripts are found in more than 1000 website among top 1 Million websites and gathered user addresses that will be hashed later and send it across to third party servers. Similar attacks were reported by many researchers especially steal passwords from login managers through cross-site scripting (XSS) attacks.”]
Source: https://gbhackers.com/exploit-browser-password-manager/

