tldr if you're on a malicious website, it can make you unknowingly and unintentionally autofill personal info. Most password managers allow you to disable autofill entirely which is recommended until passwords managers mitigate the attack vector.
edit: this was posted earlier #1088323
having password managers integrated with browsers and cloud synced is the biggest trick the security industry pulled on its customers
Use KeePass people!
I don't like that title. Makes it sound like password managers are maliciously designed to steal your creds.
Better title: How password managers are vulnerable to this newly discovered attack
Agreed. It's a clickbait title that I should've tamed.
Password managers are a single point of failure, one successful attack and your duck is cooked.