New Phishing Technique 'Vaultjacking' Targets Google Password Manager Credentials

A new phishing technique called 'Vaultjacking' has been introduced, where a single adversary-in-the-middle (AiTM) landing page can spoof a user’s Google passkey or password manager PIN. The method allows attackers to gain access to all third-party credentials stored in the victim’s Google Password Manager, including passkeys. The attack demonstrates that compromising one site through phishing can lead to a full breach of Chrome-saved credentials.