Chrome, Firefox, Edge and Safari Extensions share a common codebase and released simultaneously.
Please click on the navigation to the left in order to read each release note.
How to load the latest Preview version of the Keeper browser extension
Keeper maintains a "Preview" channel release of the browser extension. Customers are encouraged to install the preview version which is published 1-2 weeks ahead of full public release.
Important: Remove your existing Keeper extension before installing the preview.
Step 1. Go to Window > Extensions and remove your existing Keeper extension.
Step 2. Install the Keeper preview extension from this link: https://chrome.google.com/webstore/detail/hlkdkmefjphnecdoiaajhndjmkpkhifo?authuser=1&hl=en
Step 3. Pin the extension to your toolbar
Note: The Chromium preview will automatically update as Keeper releases new versions. You are welcome to use this version indefinitely. If you experience issues with the preview version, please email us at feedback@keepersecurity.com.
If you are using the Firefox Developer Edition, the Keeper browser extension can be side-loaded for an indefinite period of time.
Important: Remove your existing Keeper extension before installing the preview.
Step 1. Change security preferences
Firefox Extended Support Release (ESR), Firefox Developer Edition and Nightly versions of Firefox allow you to override the setting to enforce the extension signing requirement, by changing the preference xpinstall.signatures.required
to false in the Firefox Configuration Editor (about:config page). To override the language pack signing requirement, you would set the preference extensions.langpacks.signatures.required
to false.
Step 2. If you already have Keeper installed, go to Extensions and click on the ellipsis icon next to the Keeper extension and select "Remove"
Step 3. Download the Firefox preview zip file: https://keepersecurity.com/browser_extension/preview/firefox.zip
Step 4. Go to Extensions and click Settings > Install Add-on From File... and select the zip file.
Important: Remove your existing Keeper extension before installing the preview.
Step 1. Go to Extensions and click on the ellipsis icon next to the keeper extension and select remove
Step 2. Download the Firefox preview zip file: https://keepersecurity.com/browser_extension/preview/firefox.zip
Step 3. Unzip the file in your downloads folder or preferred location
Step 4. Open Firefox > Preferences > Extensions & Themes
Step 5. Click on the Gear icon > Debug Add-ons and select Load Temporary Add-on
Step 6. Select the manifest.json
file located in the Firefox folder you downloaded in Step 2
The Firefox sideload extension will not stay active between browser restarts.
The Safari extension is now installed directly from the Mac App Store. We also distribute a Test Flight build through Apple which can be installed before the public release.
Important: Remove your existing Keeper extension before installing the preview.
Instructions:
Step 1. Open the below Test Flight link in Safari:
[LINK NOT CURRENTLY AVAILABLE]
Step 2. Install Test Flight app following the instructions on screen
Step 3. Install the Keeper extension by clicking "Start Testing" following the instructions on screen.
You may need to restart Safari for the changes to take effect. Make sure that there is only one Keeper extension installed.
If you experience any issues with the preview, please email feedback@keepersecurity.com.
Note: The Safari Test Flight version will automatically update as Keeper releases new versions. You are welcome to use this version indefinitely. If you experience issues with the preview version, please email us at feedback@keepersecurity.com.
Released on October 10, 2024
This release brings major new features, including a new Landscape Mode and Passphrase Generator, as well as significant improvements to the existing Password Generator.
We've added quality of life features, including a Shortcut to your Web Vault, more intuitive Browser Extension settings, and much, much more.
Read on to see what's changing in Version 16.11.
You can now expand your Browser Extension's window so that you can view record details and your list of records at the same time.
You can easily flip between Landscape Mode and Portrait Mode using a new button on your toolbar.
You can now generate a Passphrase via the new Password Generator.
Use the Type dropdown in the Generator to switch between a Password or Passphrase.
Choose how many words you want included in your Passphrase, from 5 words to 20.
You can choose whether you want to include Capitalization and/or a number in your passphrase.
You can choose between several word separators, including commas, periods, and blank spaces.
For context, Passphrases have the dual-benefit of being longer & more complex than Passwords while also being easier to remember. Learn more here.
You can now toggle which symbols will be used in your Generated Password. This makes matching site-specific password requirements easier. Previously, the Generator only let you turn symbols On or Off entirely.
You can now choose to include or exclude both Lowercase & Uppercase letters. Previously, you could only choose whether letters in general were included or excluded.
We've made slight upgrades to the user interface of the Password Generator as well.
With all of this new customizability, we wanted to remind you that you can set default preferences for generated Passwords and Passphrases so that any you generate in the future will follow the same rules. Click the "Use as Default Settings" checkbox before saving your generated content to save these preferences in the future.
Please note that these defaults do not currently sync across platforms (i.e. Vault, Desktop, Mobile) or devices (i.e. personal computer, employer's computer, mobile devices).
You can now quickly access your Vault by clicking the Keeper icon on the top left of your Toolbar Window. (You can still access your Vault via the Settings menu, but we've added this shortcut to save you a step.)
We've updated the names & descriptions of the majority of Browser Extension's settings to make it clear what they do, how to use them, and why you may want to.
We built a banner that shows users how many days they have left on their trial, and provides them with an easy way for them to purchase a Keeper license if they so choose.
We made this feature more understandable & easier to use by letting you set your logout timer by a matter of Hours and Days instead of Minutes. We've also created error messages making it clear when you exceed the maximum values set by Keeper or your administrator.
We made two changes that help avoid the need to scroll inside of tiny windows wherever possible:
If your monitor has vertical space to spare, the Extension Tab's editable modal will expand in length to fill that space (so you don't have to scroll through an unnecessarily tiny window).
When selecting the Location (Folder) a record should be created in, we increased the length Folder Selector dropdown to make it easier to find and select the right location for your record.
We improved the user experience for visually impaired users by simplifying & clarifying the content that screen reader software will read out when using the Browser Extension.
We also fixed an issue with a few readouts when using Keeper in certain languages.
We made it so the default appearance of Browser Extension (dark mode vs. light mode) will match your operating system's settings by default, where possible. In other words, if your computer is in Dark Mode then your Keeper Extension will be in Dark Mode upon installation as well.
We made Tab navigation work as users would generally expect it to: hit Tab to move from the Username field of a website to the Password field, for example.
We did this by turning off Accessibility setting for all existing users and making "off" the default for all new users. You can change this setting at any time via Browser Extension Settings > Accessibility.
For more context, this setting causes the Tab key to focus on the Keeper Field Icon, rather than moving your computer's focus to the next available web element. In other words, if you're used to pressing Tab to navigate from a Username field to a Password field, this setting may throw you off by requiring you to press Tab twice to do the same thing. Now, Tab functions as most users expect it to, but users can easily change this setting to meet their keyboard accessibility needs or preferences.
On login screen, you can now use Command/Ctrl+Del to erase the entire contents of the Master Password prompt field.
We made it so the list you use to Filter records only shows Record Types for which you have one or more records. In other words, if you don't have records with Type = Drivers License, SSH Keys, Health Insurance, etc. - we won't clutter your Filter list by showing those as options.
However, if you create a record with one of those types then that type will begin to show as an option in your Filters list.
We made it so long usernames and emails aren't visually cut off when viewed via the Account button modal.
We reworded "Open in Web Vault" to "Web Vault" in the Browser Extension menu options.
We removed the "Launch Website" option from the Record Details overflow menu, since there's already a "Launch" button on the Record Details UI (if you're not on the website already).
BE-5737: Fixed an issue where the extension would log out if a record is opened in the Vault via the extension and then deleted.
BE-5735: Fixed an issue where newly created records show "Launch" instead of "Autofill", even when the URL matches the website the user is on.
BE-5753: Adding a missing tooltip to the Sort/Filter dropdown.
BE-5766: Fixed an issue where the Create Record screen is not preserving the edits users make if the Toolbar Window is closed or dismissed during record creation and then reopened.
BE-5673: Fixed an issue where only one custom field would show when using the right-click context menu.
BE-5644: Fixed an issue where the title of the Change Password modal was visually cut off instead of showing an ellipses.
BE-5623: Fixed an issue where the menu that appears after clicking the overflow menu on the create new record prompt does not disappear after clicking one of its options.
BE-5799: Fixed an issue where long text in the Sort/Filter component could sometimes break formatting.
BE-5803: Added a border to Favicons when viewed in the create new record view.
BE-5684: Fixed an issue where "Copy Password" was suggested as an option when clicking the more menu on a record list item that did not contain a password.
BE-5862: Fixed an issue where custom fields that a user has changed the display name for would not show the user-specified name.
BE-5802: Fixed an issue where users could edit records directly from the context menu, rather than the record being opened for them to edit in the web vault.
BE-5804: Fixed an issue where attempting to edit a record with 2 URL fields from the Form Filler tool did not open the record in the web vault, as expected.
BE-5896: Fixed an issue where password generator enforcements set by an administrator would apply not only to generated passwords but also passwords that users entered manually, which was not intended.
BE-5774: Fixed an issue where clicking the Autofill button on a record with 2 URLs would open a new tab with the 1st URL, even if the user's active tab contained the 2nd URL.
BE-5902: Fixed an issue where AWS console regions were not loading instantly.
BE-5864: Fixed issues with navigating the Change Password prompt.
BE-5853: Fixed an issue where users couldn't create Payment or Address records via the context menu if they had a certain re-authentication enforcement set by their administrator.
BE-5846: Fixed an issue where some users could not set their Form Field Icons to "Always Show".
BE-5842: Fixed an issue where files were sometimes removed from a v2 record upon following a specific set of actions.
BE-5837: Added a missing translation for the Auto Submit setting description.
BE-5796: Fixed an issue where Safari didn't show emoji as a part of a password.
BE-5721: Fixed an issue where enterprise enforcements could be bypassed by adding certain characters in front of the domain name in a record's URL.
BE-5719: Fixed an issue where the Extension was not automatically logging in on installation if the user was already logged in to the Web Vault.
BE-5707: Added keyboard navigation accessibility to the change password flow.
BE-5662: Fixed an issue where Safari was not properly launching records that had a port included in their URL field.
BE-5640: Fixed an issue where the Extension's Filter component could not be cleared using keyboard controls.
BE-5731: Fixed an issue where domain-specific enterprise enforcements for passwords were excessively strict.
BE-5609: Fixed an issue where an error message appears when entering the incorrect TOTP code, bumping certain text content below the border of the screen without generating a scroll bar - making that content unreachable.
BE-5602: Fixed an issue where the Extension's Search results string would show "Showing results for: '1'" rather than the actual search term entered, in cases where only one result was returned.
BE-5593: Fixed an issue where profile pictures would sometimes appear as a square instead of a circle.
BE-5663: Fixed an issue where multiple tooltips could appear when hovering over themes in the Extension's appearance settings.
BE-5540: Fixed issues with the Suggested Record section's "Create a Record" button, making it keyboard accessible, adding a tooltip, and adding hover states.
BE-5621: Fixed an issue where users were sometimes unable to access Options and Account modals via keyboard navigation if they had viewed a record first.
BE-5857: Fixed an issue where the Extension Tab for creating a payment record was sometimes missing an Address field.
BE-5894: Fixed an issue where folders were not being sorted alphabetically in the folder selector within the Extension Tab.
BE-5895: Fixed an issue where restoring the Extension's default settings was not resetting the Field Icon setting under certain circumstances.
BE-5972: Fixed an issue where the tooltip would not dismiss automatically after hovering over the dice icon when creating a record.
BE-5871: Fixed an issue where the Add to Keeper dropdown was appearing when it shouldn't be on the Login pages of certain websites.
BE-5898: Fixed a discoloration issue on the Cross-Domain iFrame warning prompt.
BE-5959: Fixed an issue where enterprise enforcement policies on passwords were not properly restricting the use of the plus symbol.
Released late August, 2024
This release fixed a bug that impacted core functionality for Safari users.
Released late August, 2024
This release fixed a bug related to the way records are sorted in the Browser Extension's List view.
Released July 2024
We've introduced new safeguards to user data with the addition of a highly secure Extension Tab.
Now, attempting to create a record from any on-site UI will open a new tab, where information can be entered with increased security.
This includes record creation from field icon prompts, fill prompts and the right-click context menu. You can find visual examples of the various workflows below.
Any content entered in a website's username or password fields will be automatically populated in the Extension Tab's new record form.
Once a new record is saved in the Extension Tab, you will be automatically routed back to the website you were on and the Extension Tab will close.
Upon returning to the website, the username and password fields will be auto-filled with the values of your newly created record.
Keeper will no longer suggest new passwords on website login pages, because we assume you likely already have a password you'd like to enter.
This prompt will continue to appear on new account registration pages, where it's more likely to add value.
We've streamlined the "New Record" prompt that appears when there are no suggested records for a site.
Keeper will no longer suggest users' emails on websites, which previously occurred when clicking on a website's username field.
This eliminates the risk of username data being compromised via third-party clickjacking.
This functionality has been improved upon and made available in the Extension Tab.
The extension tab can be used to create address and payment records as well. This can be done through the use of Keeper's context menu by right clicking anywhere on a website.
An "Open Record" ARAM event will be triggered when users open records in the Keeper Browser Extension.
This event will not be triggered upon opening the edit record or create record screens, filling a record, or changing a password.
Made the readout for the extension's search bar clearer and more simple, to increase accessibility.
BE-5473: Prevented repeated clicks of Duo 2FA buttons from creating duplicative text notifications
BE-4266: Fixed issue where user was required to log in a second time to access the vault and browser extension after transfer account setup
BE-5520: Fixed issue where the region selector sometimes disappeared from the extension's login screen if the toolbar window is closed
BE-5511: Fixed issue where multi-line password values showed as a single line when hidden
BE-5504: Fixed an issue where custom records with 2 URL parameters did not match on each URL when "Match on Subdomain" setting was enabled
BE-5499: Fixed an issue where records that had multiple URL fields were at times not sorted correctly
BE-5590: Fixed an issue where a record remained after being deleted when certain actions were taken
BE-5727: Fixed an issue where the extension's "Stay Logged In" setting was being incorrectly overwritten by the vault's equivalent setting
BE-5758: Fixed an issue where an "Unable to load the key data" error was thrown when attempting to save a new record
BE-5739: Fixed an issue where viewing a password that included certain special characters would cause the extension's toolbar window to crash
BE-5772: Fixed an issue with incorrect profile pictures being displayed
BE-5767: Fixed an issue where TOTP code was at times not displaying in the extension after being added to a record
BE-5675: Fixed an issue where logging in was complicated if the user closed the SSO tab while being prompted for 2FA
BE-5677: Fixed an issue where custom login records with 20 URL fields would show indefinitely when opened in edit view in the toolbar window
BE-5626: Fixed performance issues on azurewebsites.net
BE-5728: Fixed interference with rich text editor iFrame on ariba.com
humio.com
inkstation.com.au
insperity.com
intaact.com
jjbuckley.com
kixeye.com
mako-box.com
maykers.com
workforcenow.adp.com/theme/index.html
agencysmart.net
Released June 1st, 2024
Fixed an issue where the Extension would incorrectly autofill & auto-submit username and password data on the Account Settings pages of certain websites.
Released on May 25, 2024
An entirely refreshed Browser Extension experience.
Easily fill credentials with Suggested records that match the website you're on.
Sort records by most recently used, name, or date modified. Filter by Favorites, record type, and more.
Favorite records will appear on top when more than one Suggested record is shown.
Start from scratch with the Create Record (+) button, or Quick Add a record by clicking (+) Add Record when no suggested records are found. Quick adding a record will auto-generate Title and URL based on the website you are on.
Especially helpful for users who switch between Business and Personal accounts.
Tools and Settings have been consolidated into an easily-accessible Options menu.
BE-5717: UI improvements to Record Details. Added a back arrow to the top left of the screen. Moved Favicon next to Record Title.
BE-5535: Gave users the ability to entirely disable Form Field Icons (The Keeper icons that appear inside of fields) without having to disable autofill and auto-submit functionality.
BE-5489: Released Manifest Version 3 to all users.
Manifest V3 is the latest standard for Chrome extensions. All extensions are required to migrate to V3 before June 2024 to ensure that they meet new security requirements. More on that here: Chrome Support - Manifest Version 3
BE-5523: Added a security measure to prevent KeeperFill from detecting and filling into HTML elements in the body of emails.
BE-5457: Fixed an issue where when users with expired trial accounts clicked “Upgrade Now” button in the extension, two tabs were opened instead of one.
BE-5456: Fixed an issue where the US Government Access Notice fails to appear if the datacenter is changed to US (GOV) with keyboard navigation.
BE-5446: Fixed an issue where master password was being asked for more than once when attempting to log in via SSO + Yubikey 2FA.
BE-5431: Fixed an issue where an error message was not reappearing when user’s master password was entered incorrectly more than once.
BE-5429: Fixed an issue where the Fill button was displayed on records that did not contain a URL.
BE-5509: Fixed an issue where the extension was using more memory than expected in certain scenarios where multiple tabs were opened and closed.
BE-5439: Fixed an issue where more than one popup was being displayed when attempting to fill Payment information into cross-domain iFrames.
BE-5427: Fixed an issue where, when using dark mode, text entered into the search field was unreadable due to font color matching the search field’s background color.
BE-5512: Fixed an issue where updates to a record’s favicon did not take effect immediately after a URL was added to or removed from the record.
BE-5185: Added a missing translation in Change Password flow.
BE-5526: Fixed detection issues causing Keeper icons to display in non-applicable fields in Figma, such as text size
BE-5468: Site Specific Fixes
Released March 2024
Released February 2024
BE-5423: Significant updates to the UI/UX of Record Details on the Browser Extension:
1. Record Details Screen: Clicking a record will now display its details in new screen rather than expanding it like an accordion, resulting in easier navigation and greater consistency with Keeper's Web Vault & Mobile experiences.
2. Top Bar: A new top bar makes it easy to take common actions like filling, launching, editing, or favoriting a record
3. Keyboard Navigation: has been updated for compatibility with the new Record Details screen. After focus is placed on a record using the arrow keys:
Enter
= Open Record Details
Shift+Enter
= Launch/Fill Record
4. Favorites: Any record can now be added to or removed from Favorites via the Top Bar. Any Favorited records will appear with a Star icon to make them easy to spot in a list.
5. Password Strength: is now displayed on record details.
6. Favicons (BE-5164): Site-specific favicons will replace the majority of generic favicons, while maintaining zero-knowledge.
7. Record Icons: Small icons in record details indicate when a record is a favorite, a shared record, or contains a TOTP.
8. Quality of Life Improvements: The terminology for 'Save' and 'Cancel' buttons on the record edit screen, as well as the 'Autofill' and 'Autosubmit' settings in record details, have been updated for clarity & consistency with the Web Vault.
BE-5482: Disabled the onboarding dialogue (the instructions on how to pin Keeper’s extension) in cases where the extension has been force installed.
BE-5452: DUO 2FA now supports alphanumeric characters.
BE-5407: Fixed an issue with duo 2FA not redirecting to master password entry screen.
BE-5405: Fixed an issue where Search UI deforms when taking certain actions in Edit Record screen.
BE-5420: Fixed an issue where shared folder records were still accessible via the extension to users who were removed from the team that gave them access.
BE-5434: Fixed an issue where passkey prompt still displayed on certain sites that the user disabled Keeperfill on via role enforcement policies.
BE-5466: Fixed an issue where the “back” button was blending in to the extension’s UI.
BE-5478: Fixed an issue where changes to the autofill or autosubmit settings on a record were sometimes reverted after logging out.
BE-5484: Fixed an issue with record types displaying as text keys in the record details view.
BE-5483: Fixed an issue where the options menu icon was difficult to see in search results when using dark mode.
BE-5467: Fixed an issue where pressing the Enter key was not triggering an action while focus was placed on a record in the extension toolbar window.
BE-5409, BE-5408: Fixed domain matching issues on a few sites to ensure that the proper records are surfaced.
BE-4402: Fixed an issue where form filler did not appear on a few sites.
BE-5422: Other site-specific fixes:
app.crewmeister.com
https://www.aliexpress.us/
https://www.delta.com/
https://www.eurowings.com/
https://accounts.netgear.com/login
https://app.tinypulse.com/auth
https://mft.askallegiance.com/webclient/Login.xhtml
https://www.slack.com/signin#/signin
http://share.minterellison.com/login
https://portal.schonfeld.com/
http://therapynotes.com/app/login/
https://tic.3cx.us:5001/
https://welcome.saas.mrisoftware.com/
https://bvsperformance.bvsinc.com/registrationbank.asp
https://online.corp.westpac.com.au/SignIn/Index
https://www.foundersport.com/?bmid=
https://www.bbva.es/empresas.html
Released January 26, 2024
BE-5382: the Keeper lock icon was appearing on unexpected, unapplicable fields (fields other than login, email, password, etc.)
BE-4634: On Firefox, the Keeper app was not working on 'saved' websites that were automatically launched during Firefox startup
BE-5390: Keeper icons were not appearing on 'startup' pages that automatically launched during Chrome startup
BE-5371: Search results in the main Browser Extension window were capped at 10 results if user navigated to "Settings" after performing a search
BE-5388: The browser extension was unexpectedly filling forms populated by the ActiveInbox extension in Gmail
BE-5384: The change password prompt was not appearing when Azure's change password flow was launched from the Security Info tab
BE-5417: Some users' clients were invoking a translate function before store setup
BE-5424: The Security setting for "stay logged in" was unable to be updated for some users
BE-5488: When launching a new tab from the extension, Keeper would previously clean up the URL before launching it; this change has been reverted, and Keeper will now launch the exact URL stored in your vault
BE-5435: When using the Keeper Admin Console, some users were incorrectly receiving prompts from the Browser Extension
BE-5453: The Generate Password create-a-record flow was not automatically prepending "https://" in the URL as intended
BE-5313: Keeper lock icon was incorrectly displaying in Gmail's search bar when Gmail was being used in certain languages (e.g. Deutsch)
BE-5451: The prompt appearing after the change-a-password-via-Keeper flow was completed was missing certain elements
BE-5419: On certain websites, the Browser Extension was conflicting with Microsoft Editor: Spelling & Grammar Checker
BE-5389: Slight adjustment to the placement of an accessibility settings toggle
BE-5416: In Browser Extension search results, the default payment card indicator was changed color from grey to green
BE-5415: In dark mode, Green indicator color was not consistent across screens
BE-5412: In dark mode, the color of certain text elements made them difficult to read
BE-5410: The color of password complexity checkmarks were changing based on theme color, when they are intended to remain blue
BE-5393: Certain popups were unable to be navigated using keyboard controls
BE-5411: Users were unable to perform certain navigation with keyboard controls in the Browser Extension's Generator History screen
BE-5391: Adjusted color of a few elements in dark mode to meet compliance requirements
http://box.com/
https://accounts.zoho.com/signin
https://admin.private.zscaler.com/#
https://app.asana.com/-/login
https://app.dashlane.com/login
https://app.hubspot.com/login/beta/
https://auth.datto.com/login
https://auth.tesla.com/
https://auth.uber.com/v2/
https://auth0.com/
https://Aviation.agcs.allianz.com
https://courtier.wazari.fr/#/login
Released on Jan 10, 2024
In Preview. ETA Dec 28, 2023
BR-5318: Tooltip "copy" doesn't go away after clicking copy from password history screen
BE-5228: Not all subfolders are showing in the Edit/Create record screen
BE-5234: New password fails to save in Github if user updates the password first on Github before saving the changes on Keeper.
BE-4727: airbnb.ca login form fixes
BE-5368: Custom field
BE-5383: Yayoi website login fixes
BE-5368: Custom field website matching not working when port number is in URL
BE-5369: Extension isn't handling launching URLs without a protocol specified, need to just assume https
BE-5394: Clicking on "Create an Account" in the login screen does not take the user to "Create Your Account" on Web Vault.
BE-5402: Dark mode Keeper logo issues
https://amers2.identity.ciam.refinitiv.net/auth/UI/Login
https://api.scm.dss.husqvarnagroup.net/createcontracts
https://app.pax8.com
https://crm.solshost.co.uk
https://customer.bmwgroup.com/oneid#/register
https://hub.connectwise.com
https://kws.okta-emea.com
https://solutionsforaccountinglimited.sage.hr
https://e01hosting.tessitura.com/vpn/index.html
https://icloud.com
BE-5005: 508 compliance / high contrast items
Released on Nov 22, 2023
BE-5375: Passkey management not working on Firefox 119+
BE-5366: TOTP filling On Google Not Working For Equivalent Domains (e.g. gmail.com, youtube.com, etc)
BE-3272: Enterprise KeeperFill domain restrictions are not working with special characters in the URL
BE-5341: Creating a record with title only throws an error in Form filler
BE-5264: When a Keeper DNA (Watch device) user opts to use “Two-Factor Method” during device approval and approves the push, the extension goes back to the “Select Method” menu rather than proceed to the Master Password entry.
BE-5338: Firefox BE main screen not closed when record is launched from search or matching records
BE-5002, BE-5003, BE-5004, BE-5011, BE-5007: 508 compliance items
BE-5353: Site-specific fixes
adminer.jump-biz.fr app.appogeehr.com app.pax8.com asp-eu.broadridgeims.com crm.solshost.co.uk customer.bmwgroup.com ds-ecommerce.konicaminolta.at login.midamericanenergy.com login.zoominfo.com mammatus.cluen.com one.kaseya.com secure.employmenthero.com solutionsforaccountinglimited.sage.hr us.cloudcare.avg.com
Released on Nov 9, 2023
Released on Nov 3, 2023
BE-5291: Multiple customer reported website fixes
https://ww6.autotask.net https://www.ebay.com https://hr.rozeroom.org https://dashboard.m1.com/login https://chase.com https://auth.auvik.com/ https://ally.com https://console.wasabisys.com/login https://login.microsoftonline.com
BE-5226: Logins with MFA fields are auto-filled with URL in some cases
BE-5288: Unable to edit multi-line notes in the extension
BE-5287: Improvements to password generator record creation flow
BE-5317: Automatic updates of the public suffix list
BE-5331: Shared folder-subfolder records are missing in the extension
BE-5352: With "match on subdomain" enabled, the extension does not autofill on a non-subdomain-matching site even if it's the only record.
BE-5348: Remove the user's search string from local storage
BE-5351: FIDO2 key prompt not appearing for some sites
BE-5365: Performance / browser crashing due to a large number of "hidden" input fields
BE-4919: Upon installing the extension, we now auto-launch a helpful user guide page.
Released on Oct 17, 2023
BE-4356: Ability to control tab behavior with the Keeper lock icon within form fields. By disabling this accessibility setting, tabbing through forms will not focus on the icon.
BE-5058: Password generator history feature provides users with a way of retrieving any generated password (in case they forget to save it). Generated passwords are encrypted and only decrypted upon logging into the extension. Visit the Password Generator screen > Generator History. To clear the history, click on "Clear History".
BE-5336: Some sites are crashing with Keeper installed. The sites affected are using extremely large field identifiers, causing Keeper's regular expression parser to use too many resources.
BE-5328: Cloudflare WARP client breaks Keeper passkeys usage
BE-5218: When editing a record from the matching records screen, the record is not visually updated in the UI until user returns to main menu
BE-5253: On Windows devices, Passkey login on Google is not allowing the user to use a different passkey other than the one stored in Keeper.
BE-5282: Setting up a Microsoft security key while having Keeper installed hangs intermittently
BE-5267: Some sites in Safari are not loading our scripts on the first load when navigating directly to them either by putting the website address in the toolbar or using a bookmark.
BE-5231: Lock icons appear on the wrong side for some sites that are in Hebrew
BE-5290: Amazon.com auto-submit not working
BE-5239: Onboarding a new user directly from the browser extension with SSO having a 2FA enforcement fails to complete signup
BE-5210: Extension does not auto-append "https://" in the URL field if the user fills it in manually.
BE-5204: There are some scenarios where the enterprise Domain Restriction enforcement policy is not working properly when the domain changes while the user is navigating through a site. LinkedIn is an example of this.
BE-5190: PayPal website in German region not working
BE-5103: Deleted Shared Folder Is Not Removing Records Within That Shared Folder On Other Accounts. When User A that owns a shared folder with records in it and User B is shared that shared folder, then User A deletes the shared folder, the records persist in User B’s cache.
BE-4991: Re-Authentication policy for editing enterprise record is not enforced when using the right-click context menu
BE-5232: Fixed login issues on JP tax filing site (https://uketsuke.e-tax.nta.go.jp)
BE-5300: Fixed AWS login issue where Account ID is filled with TOTP code
BE-5165: Fixed https://yournextstep.com
BE-5299: Filling from the browser extension toolbar is not using Equivalent Domains (e.g. microsoft.com and azure.com)
BE-5298: Searching too fast causes no results then breaks search until logout.
BE-5295: Unable to save changes with V2 (general) records - checkmark (save button) does not work.
BE-4476: In some scenarios, the browser extension is not calculating enterprise audit scores.
BE-5216: Autofill issues on ADP.com
Various site-specific autofill issues as reported by customers
BE-5273: The "copy" icon appears on records with privacy screen enforcement policy. Occurs on custom templates w/ privacy screen, team enforced, and role enforced records
BE-5285: Improved security of Payment Card filling with additional system popup prompting.
BE-5278: The Default User Setting enforcement for the Stay Logged In option is not interpreted correctly in BE. The enforcement should only apply on the first login after the user has been added to a role. Any changes made to the "Stay Logged In" setting should stay saved whether its ON or OFF.
BE-5242: The Keeper lock icon is showing in Gmail search fields in some languages
Released on Sept 13, 2023
BE-5271: Various site-specific autofill fixes
BE-5280: Performance related field identification issue
Released on Aug 30, 2023
BE-5158: Searching from the "filter matching" screen will search the entire vault
BE-4986: Copy button added to Notes field
BE-5166: Auto-submit option is now default to OFF
BE-5227: Autofill from clicking Launch on Web Vault is not auto-filling
BE-5240: FIDO2 key login to Admin Console not working on Firefox
BE-5237: Moving a record between shared folders makes it disappear from Autofill
BE-4975: A team-enforced privacy screen applies the privacy screen to the record owner
BE-4969: Teams with "Hide Shared Folders" restriction are not hiding records in extension
BE-5217: Best Buy passkeys are not working on Firefox
Hundreds of site-specific bug fixes
Released on August 23, 2023
BE-5237: Moving a record into a different shared folder causes it to disappear from Autofill
BE-5013: Searching KeeperFill with Kanji characters doesn't work
BE-5012: Twitter Japan autofill issues
BE-4862: Some favicons are showing broken images
BE-4986: No "Copy" button showing in Notes field
BE-4995: Date format does not change in different locales
BE-4985: Extension does not retain email when logging in from the web vault
BE-4984: The extension is overriding the enterprise enforcement complexity on random password generation when the enforcement’s generation is less secure than the default password generation.
BE-4936: When searching the matching records and deleting one character at a time, the matching records don't reload when the search field is cleared.
BE-4933: The Account select in the Change Password window erroneously shows the Create New Record at the bottom of the list.
BE-4904: Github 2FA code doesn't autofill
BE-4917: Amtrak login issues
BE-4876: There are customer reported cases that on startup on some chromium (opera in this case) browsers, the chrome.tabs.onUpdated function is called before the onBrowserStart function has completed. This causes some bugs.
BE-4840: BE is not resetting all matching records after user manually deletes all the characters in the query string.
BE-5127: Unable to use Passkeys on Best Buy in Firefox
BE-5240: Unable to login to the Admin Console using Firefox with a hardware security key.
BE-5166: Default Autosubmit to OFF on new accounts
BE-5206: Record UID is now searchable
Many other website-specific autofill fixes
Released on Aug 17, 2023
Released on Aug 12, 2023
BE-4775: UI update for clearer visibility and 508 compliance
BE-4879: Support for Passkeys [User Guide]
BE-4837: Autofill for HTTP Basic Auth websites
BE-4619: Ability to manage HTTP "insecure fill warning" prompting in settings screen
BE-4410: Show long emails by hovering over with the mouse
BE-4974: Clear previous search after 5 minutes
BE-5060: Allow for longer logout timer values (no longer limited to 1440 minutes)
BE-5168: Removed "Off" setting for logout timer in favor of simple logout timer setting
BE-4090: Improvement to "Prompt to Update" flow
BE-3890: Firefox private windows
BE-4803: Dell.com delltechnologies.com alias
BE-4954: URL parsing breaks IPv6 hostnames in the record Autofill
BE-4786: Walmart payment cards
BE-4783: Custom record type with multiple URLs doesn't Autofill
BE-4781: Royal Mail doesn't fill payment cards
BE-4778: Ebay autofill issues
BE-4260: Porsche website autofill issues
BE-5095: Numerous Japanese translation issues
BE-5106: Several items related to SSO accounts with TOTP and Yubikey
Hundreds of other site-specific autofill fixes
Autofill from the browser extension toolbar is denied if there is no URL associated to a record.
Released on June 27, 2023
This update contained a security update in reference to a bug which was discovered by the Meta Offensive Security Group (namely Godlove Penn, Samuel Manzer, Tom Ravenscroft, Aaron Grattafiori, Greg Prosser).
This release addresses ticket BE-5131 in which the Keeper browser extension was writing temporary ephemeral logs to a user's computer-device storage that contained local vault data and data typed into Keeper in some circumstances.
The issue required a fully-compromised, physical device to exploit. We resolved and published a security update within 12 hours of receiving and verifying the research findings. No reports of any customers affected by this bug have been reported to Keeper. Mobile Apps and Desktop Applications were not affected and do not require updates.
All users with affected Keeper browser extensions (versions 16.4.16, 16.5.0, 16.5.1, 16.5.2) have been automatically force-updated to version 16.5.4 (or newer) across all app stores. Access to affected versions was blocked. Customers do not need to take any further action.
If you have any questions please email security@keepersecurity.com.
Version 16.5.3 was pushed live on June 27, 2023, and version 16.5.4 was pushed out to users on July 1, 2023.
Released on May 20, 2023
BE-4537: Handling of Web socket requests when MV3 browser extension service worker has been terminated
BE-4802: New Safari extension [User Guide]
BE-4536: Bootstrapping for MV3: When the service worker is stopped, all memory is lost. The next time the extension boots up, based on what the user's last action was, it grabs what it needs from physical storage, processes that, puts it into memory, then does perform the user's last action if there was one.
BE-4749: Login to Upwork.com is clicking the wrong button
BE-4938: Firefox using too much memory
BE-4979: Keeper throws errors on mapfreconnect.com
BE-4977: When you disconnect from the network and reconnect, the extension shows logged in; however, it prompts for 2FA and can send SMS 2FA incorrectly.
BE-4983: Form filling is broken for V2 (general) custom fields
BE-4990: Autofill broken on squareup.com
BE-4956: Based on customer feedback, we removed the "prompt to login" on page loads.
BE-4988: When the extension fills into an http / insecure site, the extension will ask the user through a window popup if the user would like to continue to fill the inputs because the connection is insecure. Clicking "OK" doesn't fill the contents or close the window and clicking cancel doesn't close the window.
Released on May 2, 2023
BE-4973: Pasting text into the browser extension can sometimes scramble characters
BE-4972: In some rare scenarios, the browser extension is encrypting a record with a new key instead of using the existing record key. This can cause data corruption and require the user to revert to the prior version of a record.
Released on April 3, 2023
BE-4923: Protection against Chromium crash when max IndexedDB reaches quota
BE-4928: SSO Logout generating duplicate requests to the server, creating replay error
BE-4952: Browser Extension crashes when switching VPN connections while logged in
BE-4953: Record matching stops working properly after network changes occur on the user's machine
BE-4960: When a user has Firefox set to "never to remember history" in the security settings and disconnects from the network, none of the records show for a specific domain after reconnecting.
BE-4942: When a user deletes a record from a domain then logs out and logs in again, the other records on that domain disappear when navigating to that domain.
BE-4943: The browser action window crashes on startup sometimes because the tabs value is undefined or null from a chrome listener. This makes it so that initialization steps in the extension don't complete because these thrown errors interrupt the startup process.
BE-4682: Extension reverts to Backup 2FA over WebAuthn with Cloud SSO activated account With this update, SSO Cloud accounts that enforce 2FA will default to the use of WebAuthn instead of TOTP/SMS.
BE-4934: In order to reduce sync calls in large enterprise customers with many shared records, the browser extension will process closely received incoming messages in batches.
Released on March 5, 2023
BE-4912: High CPU usage due to repeated message sending when many tabs in use
BE-4922: Prompt to Login is showing on the Okta login screen, in some flows
BE-4920: Credit card numbers not masked by default
BE-4926: Keeper prompts are taking mouse focus
BE-4923: Local storage cache growing too large causes browser to crash.
BE-4921: When typing an email during login to a site, the Autofill suggestion dialog is not clearing.
Released on Feb 14, 2023
This Browser Extension release has been many months in the making, due to major restructuring of the codebase due to the new Manifest V3 requirement being enforced by Google. We took this opportunity to refactor syncing and performance for large vault accounts, with over 100 bug fixes.
BE-4515: When a user logs in with SSO, logout will go back to the "normal" login screen displaying the email address and "Next" button, instead of showing the SSO Enterprise Domain screen.
BE-4738: Support for upcoming "WiFi" Record Type
BE-4654: Geolocations API permission to set user's region upon install
BE-4559: Payment Card icons now compatible with all display modes
BE-4515: Unless user previously logs in using Enterprise SSO Login, login screen will always default to Master Password login
BE-4538, BE-4530, BE-4532, BE-4531: Manifest V3 migration including new record sharding, redux actions and message queuing.
BE-4744: New progress animation during sync
BE -4814: Significant performance improvements to extension on Firefox Browser
BE-4729: Issues with extension login via Azure SSO on-prem connect (Firefox)
BE-4729: Search results fail to update when a character is deleted in the search field (Firefox)
BE-3831: Crash occurs on master password re-authentication after six attempts
BE-4489: Changes to extension settings do not take effect until user logouts/logins
BE-3763: Autofill via right-click context menu fails for Amazon AWS new credit card entry
BE-4730: KeeperFill window unable to be moved by user on touch screen
BE-4683: Autofill does not detect password fields on various Google foreign language pages
BE-4640: User is unable to see Private Key field in an "SSH Key" Record Type without filling the Public Key field
BE-4616: Custom Fields within a custom record type fail to autofill
BE-4502: Prompt to login fails to appear on newly installed extension
BE-4440: "Payment Card" Record Type autofill via the right-click context menu fails for billing address fields
BE-4788: Logging into the Web Vault fails to simultaneously log user into the extension
BE-4811: Prompt to change password fails to appear when a user has an existing record for a domain and visits the change password page
BE-4631: After reverting a password during the password change workflow, the change is not reflected in the user interface of the BE until logout/login. This will be addressed in our next update.
Released on Nov 5, 2022
Released on Sep 7, 2022
BE-4595: Updated to the latest Keeper Javascript SDK
BE-4534, BE-4010, BE-4535: Migration to MV3
BE-4479: 2 single tab windows with different domains confuses the context menu
BE-4623: Extension does not allow users to retry with different Enterprise Domains
BE-4494: After moving a subfolder out of a folder, the extension shows info in 2 locations
BE-4593: User not taken to Web Vault when clicking vault button from sign-in screen
BE-4587: Mouse changes from arrow to hand on record title
BE-4639: Editing the URL from the extension does not reflect in the UI
BE-4659: Users in AU are not auto-logged-in to the extension when installing it from within the Vault.
BE-4646: Error message "object already exists" when logging into the GovCloud region.
BE-4661: MAPFRE website causes JS error
BE-4692: Open in Vault does not open the record when the vault is already open in another tab.
BE-4695: KeeperFill is showing in Gmail search box
BE-4703: Prompt to Save is not showing correctly when the user does not have a record in their vault.
BE-4701: Expiring the Master Password does not show the proper error message in the UI.
BE-4716: Filling on VMware Horizon with Autosubmit does not click the correct button.
BE-4717: Throttling message not being displayed in the UI properly in some cases.
BE-4691: Vault Transfer consent notice not showing in the browser extension
Released on July 23, 2022
BE-4641: Reduce size of total package by lazy loading libraries
BE-4649: Existing session token login with Region Redirect is not redirecting
BE-4657: EU region not receiving Keeper Push approval notification
BE-4652: Very Large payload unable to decode response
BE-4645: Confirmation Popup on Show Cards/Address button
Released on July 17, 2022
Released on July 13, 2022
Released on June 11, 2022
Released on May 20, 2022
BE-4524: Legacy (general) records with non-latin1 characters are showing scrambled in the UI
BE-3890: Using Firefox in Private Browsing Mode not functional
BE-4547: Duo 2FA shows Voice Call option when not supported
BE-4553: Unable to log back in after user logged out by and admin-enforced Logout timer.
BE-4526, BE-4527, BE-4528, BE-4529: Partial migration to Manifest V3 packaging. Local storage changes, bundling of Javascript, configuration of setting storage.
BE-4523, BE-4522: Updated crypto libraries to match Web Vault
Customers can install the Keeper Beta Version: 1. Uninstall your existing Keeper extension
2. Install the Beta available here:
https://chrome.google.com/webstore/detail/keeper%C2%AE-password-manager/hlkdkmefjphnecdoiaajhndjmkpkhifo?hl=en&authuser=0 Please ensure that you only have one Keeper extension installed at a time.
Released on April 2, 2022
BE-4326: Support for High Contrast (Dark Mode)
You can now activate Dark Mode in the Settings > Themes screen
BE-4316: Color indicators show on the list of records
BE-4329: Combined Stay Logged In and Logout Timers
To simplify the user experience, we have merged the Logout Timer and Stay Logged In setting into a new "Security" settings screen.
When logging in or registering for an account on a website with no stored credentials, Keeper provides the user with a user experience that quickly and seamlessly creates the vault record. The user is first presented with a list of possible email addresses to use for the login field.
On the password field, the user can instantly generate a password.
If you already know the password, when you start to type Keeper will allow you to instantly save the information, making it super easy to capture existing passwords.
This new workflow also solves another pain point for users by allowing the saving of credentials on single-page application websites such as sketch.com, hubspot.com and thousands of similar sites.
In addition to this workflow, we have also introduced Folder Selection so you can save a record directly to a private or shared folder without having to leave the current page. This highly requested capability is included in several workflows and will be incorporated into other areas of the browser extension moving forward.
While saving the new record, you can also directly set the "Autofill" and "Autosubmit" options.
This new workflow can be controlled through a new Settings screen called "Autofill Suggestions":
BE-4407: 2FA code filling on Slack.com
BE-4409: Improved behavior on login with "blocked" account status
BE-4408: Google social login button being clicked by Autofill
BE-4405: AWS multi-page login improvements
BE-4384: Improved filling of "textarea" form field types
BE-4350: Filling 2FA codes that are separated between different input fields such as newegg.com
BE-3937: Autofill causing errors on cashweb.nl
BE-4462: Search crashing from corrupt record data
BE-4411: If user has "Block 3rd party cookies" setting turned on, the extension screen is not visible.
Changes made to Autofill and auto-submit settings are not activated until the next logout/login
Few visual issues with Dark Mode
Enterprise Users with Vault Transfer enabled are not immediately logged into the browser extension upon first acceptance. Logout/login is required.
Release on Jan 26, 2022
This new Browser Extension version 16.2 introduces a new and improved workflow and elegant user experience for saving new passwords.
When logging in or registering for an account on a website with no stored credentials, Keeper provides the user with a user experience that quickly and seamlessly creates the vault record. The user is first presented with a list of possible email addresses to use for the login field.
On the password field, the user can instantly generate a password.
If you already know the password, when you start to type Keeper will allow you to instantly save the information, making it super easy to capture existing passwords.
This new workflow also solves another pain point for users by allowing the saving of credentials on single-page application websites such as sketch.com, hubspot.com and thousands of similar sites.
In addition to this workflow, we have also introduced Folder Selection so you can save a record directly to a private or shared folder without having to leave the current page. This highly requested capability is included in several workflows and will be incorporated into other areas of the browser extension moving forward.
While saving the new record, you can also directly set the "Autofill" and "Autosubmit" options.
This new workflow can be controlled through a new Settings screen called "Autofill Suggestions":
Other changes:
BE-4311: Change "Sym" string to "!@#"
BE-4331: Improved sync speed and performance for accounts with a large number of records
BE-4400: Support for role enforcement policy "Autofill_Suggestion" which can disable the new workflow, if a customer requests it.
BE-4328: Role enforcement "Autofill Disable" is being ignored by the browser extension
BE-4342: Password filling prompts popping up in some unrelated pages
BE-4354: Saving a record fails after the extension appears to be logged in, even though the user is not logged in.
BE-4362: Prompt to Login is still appearing if it's toggled to OFF
BE-4379: Random lock appearing in brightree.net
BE-4341: Prompting not working on ADP website
BE-3493: TOTP filling not working with new Record Typed records
BE-4426: Improvements to autofill on Apache Guacamole
BE-4383: Header disappears when clicking Back from Edit screen
BE-4349: Form filling search screen does not allow typing space characters.
BE-4363: Form filler dialog shows visually cut off in some cases
BE-4413: Brand new records created on new Vault accounts are not syncing instantly to the extension
Releases notes older than last 10 releases
Older release note content is still available, but anything older than the last 10 updates is placed here.
Released on Dec 8, 2021 to Firefox Store Only
Published on Dec 5, 2021
BE-4278: Expiration dates from payment card records not filling properly
BE-4256: Ensure minimum default password strength on "change password" screens is 20 characters.
BE-3920: Remember Email setting does not work
BE-4318: User gets infinite spinner when typing password wrong 2 times
BE-4319: User logged out with "throttle" error after attempting to on/off logout timer
BE-4304: User sometimes logged out from "throttle"
BE-4334: Error when logging into the extension when a URL contains a comma
BE-4335: Form filling issue on turborater.com
BE-4337, BE-4338: Remove old unused code references to resolve flagged vulnerabilities on crxcavator.io (https://crxcavator.io/report/bfogiafebfohielmmehodmfbbebbbpei/16.0.3?platform=Chrome)
BE-4301: Support for new Twitter.com login flows
BE-4291: Autofilling Facebook in German website does not fill
BE-4292: URLs with port numbers in the value are not showing properly on search results
BE-4346: Resolve login issues with Dell.com
BE-4344: Payment cards and addresses are auto-submitting, this should not occur.
BE-4355: BE does not enforce "require re-authentication" enforcement
BE-4301: Support for new Twitter login flow
BE-4314: Payment card filling broken on craigslist
Several improvements for 508 compliance: Focus events, Voiceover, Labels and Field Instruction
BE-4332: Improved syncing in environments with thousands of shared records among thousands of users.
Released on Sept 21, 2021
Released on Sep 27, 2021
Updated User interface, added workflow optimizations around filling and viewing sites.
Support for Record Types. Record Types are launching in late Sept across all devices, however it can be activated for customers on a per-request basis. More information on Record Types is available here: https://docs.keeper.io/enterprise-guide/creating-new-record-types
🇺🇸 Support for the Amazon AWS GovCloud environment. Keeper is currently FedRAMP in-process and public sector entities can now establish their Keeper tenant in the GovCloud environment. Contact the public sector sales team at govsales@keepersecurity.com for more information.
Enhanced 508 Accessibility / Ergonomics support with high contrast themes, larger fonts, better visibility and generally a cleaner layout. Support for screen readers and Keyboard navigation have also been improved.
Our password generator has has its special characters set expanto this set:
!@#$%()+;<>=?[]{}^.,
Adding more special character is a balance between generating the most secure password possible, and ensuring the passwords generated do not cause issues on websites, this evolution increases our password entropy.
BE-4068: Disable Stay Logged In enforcement not allowing user to turn off the setting.
BE-4138: Better handling of the password strength slider
BE-4141: Master Password re-entry feature broken on enforcement
BE-4139: Auto-submit on Microsoft.com
BE-4085: Logout timer with blank input logs out of the extension
BE-4100: Extension remembers email when Remember Email is Off
Released on August 16, 2021
Released on Aug 9, 2021
Released on Aug 9, 2021. Merged with 15.3.6.
BE-4073: Increased the number of special characters to this set:
!@#$%()+;<>=?[]{}^.,
BE-3898: Improved the clarity of the account selection when changing a password.
The right-click context menu is now usable on the entire page, not just over form fields.
BE-4097: The TOTP code on the browser extension is sometimes different than the Web Vault value.
BE-3995: Better handling of expired Enterprise accounts
BE-3935: Wells Fargo login with Single Click Fill
BE-2107: PNC Bank autofill
BE-3721: ebanking-services.com autofill
BE-3404: ZenQMS autofill
BE-3781: Kaysera autofill
BE-2215: ringcentral.com, sainsburys
BE-4054: Compatibility with sites that use craftcms.com
BE-4060: ESPN.com autofill
BE-3615: Fixed interference with Vimeo .woff files
BE-4083: Display if the user's account is throttled
BE-4095: When there is one username field and 3 password fields, autofill fails
BE-3397: Autofill on AT&T business portal
BE-4065: Autofill on abramscapital.com
BE-4063: Autofill on Staplescopyandprint.ca
BE-4062: Autofill on smart-trial.co
Released on June 25, 2021
BE-4000: The password generator only allows a maximum of 51 characters (should be 100)
BE-4008: IP Addresses are displayed and linking incorrectly in record view of search results
BE-3916: SSO login to extension generates "update your account settings" error
BE-3742: "Prompt to Update" dialogue disappears too quickly on page redirect
BE-3707: Payment card autofill fails on portal.azure.com
BE-4013: Creating a record at walmart.com registration screen submits the form prematurely
BE-4036, BE-4016, BE-4017, BE-4019, BE-4021: Fill button fails to fill existing record on various sites
BE-4020, BE-4022: Auto Submit fails on various sites
BE-4025: Auto Submit occurs on various registration forms when it shouldn't
BE-4026: The second password fields of various registration forms are not filled when a new record is created
BE-4015: Privacy Screen allowed user to copy password in one particular flow
BE-3998: If user explicitly turned Autofill OFF, don't prompt to turn autofill on anymore.
BE-4002: Improved Password Change detection routine to ensure password is saved even if the user forgets to click Save.
BE-4035: Records are not deleted for the user immediately when the user is removed from a Team.
BE-2358: Fixed auto-submit on Lifelock website
BE-3968: Locked down Content Security Policy embedded within the extension.
BE-4012: Improved synchronization with the Web Vault and backend system for Logout persistence.
Released on May 10, 2021
BE-3803: Improved memory management / clearing after logout
BE-3864: Right click menu to create payment card not working
BE-3956: Select-all Ctrl+A appended 'a' to end of the string
BE-3864: Google sign-in screen not prompting to save password
BE-3914: Stay Logged In sometimes not keeping the user logged in
BE-3840: Crowdstrike login interferes with icons
BE-3991: When a user creates a new record from the the password generator, the autofill and autosubmit toggle settings don't save
BE- 3988: Unable to login to extension when Yubikey is activated (Firefox)
Keeper has been making UI changes across all web-applications and browser extensions to comply with Section 508 of the Rehabilitation Act (29 U.S.C. § 794d). The Keeper browser extension now supports keyboard navigation and it's compatible with popular screen readers and other assistive technology.
The vault search bar is always visible, and the search logic matches the Web Vault and Desktop App algorithm exactly. Therefore, the same search can be applied in both platforms. Users can search for a website login or any other piece of other information stored in their Keeper vault by simply opening the extension and entering their search criteria. The search feature is case insensitive and will match any record within your vault as you type, even partial words. The search results can also be sorted by name and date.
Keeper's password generator is now within easy reach in the extension toolbar landing screen. Users can generate and copy the secure password or use it to create a new record directly from the main screen.
The new "Matching Records" screen will now appear in the extension toolbar window.
Clicking the copy icon next to a record gives you the option to quickly copy the username and password or you can autofill the record by clicking the fill button. If there are many record matches, users can enter search terms to narrow down the results and even sort them by name or date.
The Autofill and Auto Submit settings can be enabled or disabled for individual records from both the extension toolbar and fill window.
Important Notes:
This setting will override the global Auto Submit setting.
If you have multiple records that match the same website, Keeper will not auto-fill and you will be prompted to select the record to fill. When there are multiple matches to a domain, you must click "Fill" to prevent undesirable behavior.
From the on-page fill window, users can filter on all records matching the current site's domain name. This is helpful for sites with many stored records.
Release ETA May 5, 2021 on Firefox, Chrome, Edge Browsers.
BE-3803: Improved memory management / clearing after logout
BE-3864: Right click menu to create payment card not working
BE-3956: Select-all Ctrl+A appended 'a' to end of the string
BE-3864: Google sign-in screen not prompting to save password
BE-3914: Stay Logged In sometimes not keeping the user logged in
BE-3840: Crowdstrike login interferes with icons
Keeper has been making UI changes across all web-applications and browser extensions to comply with Section 508 of the Rehabilitation Act (29 U.S.C. § 794d). The Keeper browser extension now supports keyboard navigation and it's compatible with popular screen readers and other assistive technology.
The vault search bar is always visible, and the search logic matches the Web Vault and Desktop App algorithm exactly. Therefore, the same search can be applied in both platforms. Users can search for a website login or any other piece of other information stored in their Keeper vault by simply opening the extension and entering their search criteria. The search feature is case insensitive and will match any record within your vault as you type, even partial words. The search results can also be sorted by name and date.
Keeper's password generator is now within easy reach in the extension toolbar landing screen. Users can generate and copy the secure password or use it to create a new record directly from the main screen.
The new "Matching Records" screen will now appear in the extension toolbar window.
Clicking the copy icon next to a record gives you the option to quickly copy the username and password or you can autofill the record by clicking the fill button. If there are many record matches, users can enter search terms to narrow down the results and even sort them by name or date.
The Autofill and Auto Submit settings can be enabled or disabled for individual records from both the extension toolbar and fill window.
Important Notes:
This setting will override the global Auto Submit setting.
If you have multiple records that match the same website, Keeper will not auto-fill and you will be prompted to select the record to fill. When there are multiple matches to a domain, you must click "Fill" to prevent undesirable behavior.
From the on-page fill window, users can filter on all records matching the current site's domain name. This is helpful for sites with many stored records.
Released April 2, 2021
Release ETA March 19, 2021
BE-3897: Support for HTTP fill enforcement in the Admin Console. Disabling this enforcement removes the HTTP fill warning from the browser extension prompts.
BE-3917: The "Stay logged In" feature fails when a user closes out of their browser. Affected certain SSO Cloud users.
BE-3909: Custom field matching fails when a record's "Website Address" field is left blank
BE-3889: Clicking on a row within a list of matching records fails to expand/collapse the row
BE-3773: The extension's search field should clear upon returning to it when the user begins typing
Released March 6, 2021 and rolling out over a few days
Multiple: "Stay Logged In" improvements to prevent edge cases where the extension logs out
BE-3822: Added capability for Browser Extension to perform Vault Transfer acceptance
BE-3787: Improved the performance of Firefox when Keeper is running
BE-1873: Improved performance with Dynamics 365
BE-2008: Improved performance with Microsoft Sharepoint
BE-2508: Improved performance with Gitbook.com
BE-2630: Improved performance with eSource
BE-3506: Additional support for Role Policy enforcements in the KeeperFill section of the Admin Console / Role Policy / Enforcements section.
BE-3820: Improved handling of Web socket disconnections (Syncing is broken until logout/login)
BE-3815: Back button freezes the extension in certain paths
BE-3787: Slow performance on Firefox
BE-3808: If Web Vault access is restricted, don't auto-login the user to the Web Vault.
BE-3040: Copy of masked custom field / masked note from search results
BE-3267: Country list with Samoa listed in the wrong location
BE-3331: Certain letters chopped off in the country name list
BE-3335: Extension closes the vault after logging in with Yubikey
BE-3637: Error message appears when trying to login to US data center after having logged into the EU data center with an SSO account.
BE-3651: Login sequentially to accounts on both US and EU region causes the extension to be confused
Estimated Release Date February 5, 2021
BE-3506: Implemented KeeperFill role enforcement policy that enforces all settings/features of the Browser Extension
BE-3637: Error message appears when logging into US SSO after been logged into EU SSO
BE-3378: Logging into EU SSO Vault fails to simultaneously log user into browser extension
BE-3335: Extension closes Vault after logging in with Yubikey 2FA
BE-3113: Character length doesn't update when user clicks on dice icon in record view
BE-3040: Copying masked note or custom field copies the wrong values
BE-3020: Password strength indicator doesn't work as expected
BE-3014: Fill button is not active when user attempts to fill password from browser extension
BE-3685: Character checkboxes don't function as expected
BE-3710: Users are unable to save Vault records with v15 extension on Beta Edge on Linux
BE-3699: Infinite spinner appears after user sets up DUO for US SSO Cloud account
BE-3389: Denying DUO push doesn't close DUO screen
BE-3736: Record match doesn't appear at corresponding website when the site's URL is entered in the custom field
BE-3734: Error message persists after user attempts to save record after filling out the password field
BE-3738: User experiences infinite loop at dropbox.com/dropins/login
BE-3794: Custom field matching doesn't work with subdomains
BE-3811: RSA 2FA method doesn't allow alphanumeric codes
BE-1873: Chrome browser extension causes errors on Dynamics 365 CRM tool
BE-3815: User receives an infinite spinner after clicking back button on device approval
Estimated Release Date: December 23, 2020
Estimated Release Date December 16, 2020
Released on December 10, 2020
Keeper now prompts for 2FA **before** Master Password. This is part of our new Login V3 security protocol.
We have 2 extensions in the store, version 14 and version 15.
Please ensure that you only have one Keeper browser extension installed. Do not install both v14 and v15 on the same browser or you'll run into issues.
BE-3362: This release includes the addition of a session persistence setting, "Stay Logged In". The purpose of this setting if enabled, allows the user to resume their session based on their "Logout Timer" value, regardless of exiting the application, restarting their computer, etc... This feature can be restricted by the Keeper Admin via Role Policy.
BE-3680: Support for multiple monitors
BE-2334: A new event is created to track when a user selects the "copy" button for a password from the record detail screen
BE-3650: The password generator character limit has increased from 50 to 100 characters
BE-3680: Users with multiple monitors experience visual issues when entering their Master Password and selecting browser extension buttons and switches
BE-3640: Auto-logout fails to clear old timer setting
BE-3439: Edit option is not available when email field is pre-filled in login screen
BE-3375: User receives incorrect error message when the email address field is left empty upon attempted login
BE-3364: Filling of custom field values fails on special character regex
BE-3349: Disabling KeeperFill for specific website fails to prevent form filling from extension toolbar
BE-3347: Device restriction error dialogue offers user incorrect "Forgot Password?" action
BE-3345: Warning message is missing when an Enterprise user attempts to change timer with a logout timer enforcement policy present
BE-3337: Create Record form fails to reset after creating and saving a new record in the form filler
BE-3336: Error message fails to appear when a user leaves the 2FA code field empty upon attempted login
BE-3626: Expected behavior fixes for various vault and browser extension interactions for "Stay Logged In" setting
BE-1851: New user unable to dynamically provision via SSO Connect
BE-3645: Auto-submit fails from search field for various sites
BE-3658: A user is prompted twice for their Master Password when certain conditions are met
BE-3659: User is unable to open their vault from browser extension toolbar at first attempt (FirefoxESR)
BE-3389: DUO push prompt persists after user selects "Deny" button
BE-3344: DUO accounts fail to send a new code when user selects "Resend Code"
BE-3669: Empty records, payment cards and addresses appear editable to the user
BE-3667: A user re-authentication is triggered in attempt to create a new record
BE-2913: Change password action by user fails to trigger change password event
BE-3610: Keeper Push acceptance is not reflected in both windows upon SSO Cloud user login
BE-3676: Keeper Push device approval fails for SSO cloud account that has 2FA (SMS) enabled
Since v15 is a new store listing, we would appreciate if you posted a rating and review.
Release ETA November 11, 2020
The Keeper Browser Extension supporting SSO Connect Cloud is available as a new download from the respective app store on Chrome, Firefox and Microsoft Edge.
New extension v15 is required for SSO Connect Cloud customers
Both v14 and v15 will be maintained during the first phase of deployment
Migration from v14 to v15 is planned for November
🖥️ BETA LINK: https://chrome.google.com/webstore/detail/hlkdkmefjphnecdoiaajhndjmkpkhifo?authuser=1&hl=en
Please ensure only one extension is running at a time. Having multiple Keeper extensions will cause conflicts and errors.
Send any issues to feedback@keepersecurity.com
(Multiple Tickets) login scenarios improved for Cloud SSO user authentication in US and EU regions.
BE-3593: Filling from Search doesn't work
BE-3577: Add additional protections to prevent auto-submit loops
BE-3681: Error "This object no longer exists"
BE-3611: Admin device approval fails for Cloud SSO user with the Account Transfer enforcement policy enabled
BE-3605: Logging into the Web Vault fails to automatically log user into the browser extension when 2FA is enabled (extension v15)
BE- 3606: User unable to login with Cloud SSO after switching between accounts
BE-3603: Upgrading Firefox browser extension from version 14.4.0 to 15.0.0 causes several extension settings to reset
BE-3601: Autofill fails when "Require Re-Authentication" enforcement policies are enabled
BE-3604: Duo push doesn't work from first attempt on a new install
BE-2830: Login on redbox.com
BE-3618: Login on disneymovieinsiders.com
BE-3677: Right-click menu show more than 5 credit cards
Released October 1, 2020
Keeper Browser Extension supporting SSO Connect Cloud is available as a separate install from the respective app store on Chrome, Firefox and Microsoft Edge. Chrome: https://chrome.google.com/webstore/detail/kbedblbpfmeicfpadihimgombbafaeeh?authuser=1&hl=en Edge: https://microsoftedge.microsoft.com/addons/detail/keeper%C2%AE-password-manager-/mpfckamfocjknfipmpjdkkebpnieooca?hl=en-US Firefox: https://addons.mozilla.org/en-US/firefox/addon/keeper-password-manager/
Please note the following:
New extension v15 is required for SSO Connect Cloud customers
Do not run v14 and v15 extensions at the same time
Both v14 and v15 will be maintained during the first phase of deployment
Migration from v14 to v15 is planned for November
Released August 25, 2020
Fixed: The logout timer switch is not defaulting properly when enforced.
Fixed: User receives "Decryption Error" message when attempting to login with SSO Master Password rather than their enterprise domain.
Fixed: After user checks "Don't Ask Again" box, prompt to login to the extension still persists after browser restart.
Released August 22, 2020
Fixed: If a record's "Website Address" field is empty, no record matches are presented to the user based on domains that are entered in the custom field values.
Fixed: Following a user's search for a record in the extension toolbar, the "Fill Record" button doesn't work.
Fixed: Various alignment and design inconsistencies.
Released August 20, 2020
New Browser Extension User Interface - This release introduces major improvements to our existing KeeperFill Browser Extension UI. The changes include a complete overhaul of the existing design elements featuring a cleaner, more intuitive user interface. Users can expect increased accessibility to Keeper's tools and features directly from the browser extension, resulting in a streamlined workflow and efficient browser extension usability. In addition to significant visual enhancements, there are a number of noteworthy features that are introduced in this extensive update, including:
Users now have the ability to create new records and edit existing records directly from the browser extension toolbar.
If there is more than one matching record for a site, users can designate which record Keeper will autofill moving forward or simply opt-out of the autofill feature for that single site entirely.
From a site's login field, users can search within the various matching records to locate and fill the desired login credentials. It is important to note the key factors (in order) that determine record matches:
A email address match that is present on the login page
The website subdomain and domain of the Keeper record URL (e.g. xyz.microsoft.com will first match xyz.microsoft.com and second, microsoft.com)
The website path (e.g. /some/path/to/file)
When a record was last filled or edited
Users can expect simpler, more intuitive navigation of Keeper's dynamic browser extension settings; including the addition of font size adjustability and easier access to the logout timer. The familiar settings users have come to know such as themes, hover locks, auto-submit and match on subdomain still remain within the Settings menu.
This update presents a larger, more accessible search bar for improved usability as well as a significantly faster search experience.
Users can quickly view and search their record "Favorites" containing the most frequently visited sites directly from the browser extension toolbar.
Released June 1, 2020
Released May 20, 2020
Fixed: A communication key is generated when a user attempts to login to their vault from the browser extension.
Fixed: Browser extension does not offer "Remember for 30 Days" option when only DUO push is available for 2FA method.
Fixed: Various issues causing site slowdowns.
Fixed: Email field in the extension login screen fails to clear after user clicks "Add Account".
Released May 5, 2020
Master Password Re-entry Enforcement - This role enforcement allows Admins to further enhance their security policies by requiring users to re-enter their Master Password in order to unmask or copy a password. Once unmasked, the password will be re-masked after 30 seconds have passed.
Support for Duo Push with SSO Login - Duo Push authentication is now supported for users who login to the Keeper browser extension using SSO.
Fixed: The search function fails to display any results.
Fixed: The Master Password login prompt appears in the Keeper browser extension after logging in and out the Vault with SSO.
Fixed: The autofill feature fills both the first name and city fields of an address form with the user's first name.
Released March 26, 2020
KeeperFill Browser Extension Role Enforcement Update - Administrators now have the ability to prevent their users from enabling the Auto Submit and Prompt to Fill features in the KeeperFill Browser Extension.
Fixed: TOTP code (Time-based One-time Password) is failing to autofill at first login attempt to Facebook, requiring the user to manually enter the code and enable "Remember Browser" setting.
Fixed: Both Auto Submit and autofilling of TOTP codes are not working when logging into Snap Chat.
Fixed: Record favorites from the vault are not appearing in the "Favorites" section of the browser extension.
Fixed: When logging into their web vault, users are not automatically logged into the browser extension as expected. (Chromium Edge).
Fixed: Various sites are missing Keeper locks and do not allow the user to fill their credentials using the right-click context menu.
Released March 23, 2020
Fixed: Auto submit fails when logging into Instagram when TOTP (time-based one-time password) is enabled.
Fixed: Infinite loop occurs when autofilling an Instagram record containing an authenticator app's 2FA code (two-factor authentication).
Fixed: The Firefox browser console is unnecessarily flooded with "Error on Firefox" messages (MacOS)
Released February 19, 2020
Fixed: 2FA codes upon submission are not stored properly in memory and instead are saved to custom fields.
Fixed: "Undefined" appears in the domain field of the extension toolbar following a user logging in and out of an Enterprise domain through the browser extension.
Fixed: SSO accounts with alternate passwords are presenting decryption errors.
Fixed: The "Country" field in address records, is defaulting to the United States when left blank in the Web Vault and then accessed through the browser extension (Chrome).
Fixed: Various website specific autofill issues.
Released January 9, 2020
New Login API - This version introduces move to the new Restless Server API.
Fixed: Enterprise users that have created Generated Password Complexity Rules (by domain) force every domain, including those not listed in the enforcement, to use these rules when creating records.
Fixed: An issue causing EU SSO redirect to not function as expected.
Fixed: Users with EU account are unable to login through the browser extension; receive "region_redirect" error message.
Fixed: Logging into the browser extension does not simultaneously log user into their Vault (Edge).
Fixed: "Add Account" button in the toolbar extension window redirects users to the registration page rather than the login page.
Fixed: An issue related to the extension's change password feature at the Salesforce site. The form fields do not appear activated when password feature inputs both password and TOTP entries.
Fixed: User unable to uncheck "Remember Email" box at login screen.
Fixed: An infinite spinner appears when user attempts to login with an expired trial account.
Pre-release notes for the upcoming Keeper Browser Extension v14.0
Offline Mode The Browser Extension will support full Offline Mode capability to align with the Keeper Web Vault offline mode. Offline mode will be enforced by the Keeper Administrator on Enterprise accounts via role enforcement policies.
Integration with new Keeper Backend API The Keeper v14 API platform supports an enhanced level of encryption utilizing encrypted Protocol Buffers instead of JSON. The Keeper Web Vault, Desktop App, iOS, Android and Safari extensions have already migrated to the v14 API.
Autofill improvements on a variety of customer-reported sites
Payment card filling improvements
The estimated release date is August 1, 2019.
Released December 17, 2019
Forced Reload Updates Vault Version - The extension now identifies when the user's Vault is out-of-date and initiates a hard reload to update it to the latest version.
Fixed: An infinite spinner appears in Enterprise accounts with an expired master password when user clicks on "Web Vault".
Fixed: When a user logs into their Vault and installs the extension, the onInstall login to extension does not work.
Fixed : An issue causing the extension to open two tabs upon use of the "Fill from Vault" button (Firefox and Edge).
Released on December 17, 2019
Match on Subdomain - This release introduces a new setting that enables the in-page extension to recognize and differentiate a record's subdomain from its domain.
Only records that match the subdomain of the page visited will be populated into the in-page extension window upon log in.
Alternatively, if no records exist for the subdomain of the page visited but they do for the domain, the in-page extension window will populate all of the existing records containing that domain.
Keyboard Shortcut to Browser Extension Toolbar + Automatic Search Upon Typing - This feature further streamlines the ability to quickly open the browser extension as well as automate the use of the search bar upon typing, essentially eliminating the need for mouse clicks.
Command+Shift+k (for Mac OS) and Alt+k (for Windows) will automatically open the browser extension toolbar.
Once the browser extension is open, the user can simply begin typing their search terms using the up and down arrows on their keyboard to easily navigate to the desired record. The highlighted record can then be autofilled by pressing the enter key.
Launch Button Triggers Automatic Fill and Login - A new enhancement to the "Launch" button within the Vault with one click, automatically takes the user to the site, autofills their credentials, and logs them in a matter of a few seconds.
Fixed dozens of reported website autofill issues
Released on October 11, 2019
Fixed: Firefox SSO users with 2FA unable to login.
Fixed: Performance issues when extension is active on complex CRM and Chat applications
Fixed: Inconsistent issue with sorting matching records within the same subdomain
Fixed: Extension errors when using Firefox ESR 60.9
Fixed: Right-click menu can still be used when the domain is restricted by the Enterprise "KeeperFill" enforcement policy.
Released on October 2, 2019
Released on September 30, 2019. Full rollout after 24 hours.
This is a feature update, bug fix and security update for the Keeper browser extension on Chrome, Firefox and Edge browsers.
Changed default password generator length to 20 characters
Improved filling for sites that separate login and password on different screens (Google, IBM Cloud, etc...)
Improved several sites for two-factor code filling (Amazon AWS, Rackspace, Dropbox, several others)
Fixed: Sites that override iFrame styles (datto.com)
Fixed: Zendesk.com login
Fixed: caremark.com
Fixed: Pasting a Password string into an edited record not functioning consistently
Fixed: Removed locks appearing on buttons (Okta.com)
Security Update 1: UI Clickjacking on partially visible form To prevent malicious websites from performing "clickjacking" attacks against the Keeper extension on partially visible forms (specifically the payment card and address info), we have added additional protections. Users are now prompted to confirm their intention to load payment card and address details. The methods used to load information are blocked until such time that the user approves the action. If the user has a login/password saved for the website previously, the user will not be prompted for the additional confirmation.
Special thanks to the security researcher who submitted the report to Keeper's security team via the Bugcrowd Bug Bounty program.
Security Update 2: Renderer compromise scenario
Chrome's "Site Isolation" protects users against attackers who have an ability to compromise renderer process. This means that an attacker who can run arbitrary code inside renderer process can't steal information from other sites. In the remote case that an attacker has successfully compromised the Chrome web browser and defeated the "Site Isolation" capabilities of Chrome, additional protections can be put in place to ensure that the Keeper extension cannot also be compromised by sending arbitrary messages to the Keeper background process. A link to a discussion on this topic can be found here: https://groups.google.com/a/chromium.org/forum/#!topic/chromium-extensions/0ei-UCHNm34 Although an attacker would need to first defeat Chrome's site isolation, the Chrome team and a prominent security researcher now recommends that all browser extension developers implement the necessary changes. To resolve this potential issue, Keeper now performs additional message checks to ensure the originator of the message, even in the case of a compromised Chrome browser. Special thanks to the security researcher who submitted the report to Keeper's security team via the Bugcrowd Bug Bounty program. For more information about the Keeper Security Bug Bounty Program or to submit a bug, please visit: https://bugcrowd.com/keepersecurity
Released on August 29th, 2019
This release encompasses new two-factor authentication functionality and a feature improvement along with bug fixes. Below you can find the summary of these items and their benefits.
Two-factor Authentication - This release adds new two-factor authentication functionality to our existing list of capabilities. The new method using TOTP (Time-based One-time Password) adds
tokens to records which are unique time-based multi-digit codes commonly used by websites and apps for two factor authentication and makes the capability available across the Chrome Web Store, Mozilla Add-ons and Windows Store. TOTP covers the following functionality:
Protects Two-Factor Codes in an encrypted vault record
Prevents lost access to a Two-Factor Code due to continuous backup
Synchronize Two-Factor Codes to multiple devices and computers
Sharing of Two-Factor Code among individual users & teams
Autofill Two-Factor Codes on most browsers
Emergency Access to your vault
Account Transfer of a user’s vault with Two-Factor codes to admin when off-boarding
Free trial users are restricted to 2 TOTP-enabled records
Changing a "Password Attach Save" to "Submit Button" - This feature improvement allows for the save password button to be attached to the save button in the confirmation screen as well as the submit button on the change password form of the site. This allows the user to skip the confirmation screen going forward.
Fix for Autofill issue filling out the UN/Pass on the wrong url
Fix for an issue which caused password changes to save the 2 FA to be saved as a custom field
Fix for clickjacking vulnerability
A multitude of record "lock" issues
Adding auto-submit restrictions from vault
A fix for a bug which caused custom field changes to not be published on incremental syncs
Released to BETA on August 16, 2019. Production ETA Aug 20, 2019.
Released on August 6, 2019
This is a bug fix release to address several site-specific Autofill issues. Chrome, Firefox and Edge browsers have been released. Safari will release with the next Desktop application update.
KeeperFill was removing some form elements of certain sites. The reason this was happening is because certain websites liked to inject an "eyeball" element to allow users to see the password that they were typing in. We attempted to control this by removing the feature of the target website, but unfortunately it caused issues with certain sites. This has been reverted and we have addressed the issue.
Resolved performance issues that affected the BlackBoard university systems.
Improved Fill issues on dozens of reported websites
Created Backend support for upcoming TOTP field types release
Security Update to Keeper Browser Extension published on July 20, 2019.
This update addresses a potential security vulnerability on the Keeper Browser Extension version 12.4.0. Within three hours of receiving the security researcher’s vulnerability report, Keeper Security’s development and security team released a new version of the Keeper Browser Extension to eliminate the risk associated with the reported vulnerability. The version number for Chrome and Firefox is 12.4.1. Version 12.4.0 has been blocked and is no longer available for use. Version 12.4.1 is now live on Chrome and Firefox app stores.
For the exploit to be realized, a sequence of conditions would be required which in turn, would impact the Keeper Browser Extension. No customer reported being affected by this issue.
Special thanks to Jun Kokatsu for the discovery and documentation of this issue.
The security researcher’s findings were reported via Keeper's Bugcrowd Public Vulnerability Disclosure Program today, marked on July 20, 2019 at 3:50AM PST. Discussions between Keeper’s Security Team and the security researcher occurred within three hours of receiving the researcher’s report. The issues disclosed in the report were accepted, validated and submitted for publication to the app stores, within five hours of receipt.
The security researcher reported that a user’s stored data could be read by a malicious website utilizing a cross-site scripting attack against the browser extension code.
In order for this potential vulnerability to result in an exploit of the user’s password for a website, the following conditions would need to exist:
The user must visit a malicious website using version 12.4.0 of the Keeper Browser extension released between July 19, 2019 at 7PM PST and July 20, 2019 9:35AM PST on Chrome or Firefox.
The Keeper user would require a password stored in their Keeper Vault for xyz.com.
The malicious website would then request the password and associated data stored for the size xyz.com upon visiting the malicious website.
The Keeper Browser Extension will auto-update from Chrome Web Store and Firefox Add-ons. The old extension version 12.4.0 which was released approximately 12 hours earlier has been disabled.
We appreciate the detailed report, reproduction steps and supporting documentation provided by the security researcher, Jun Kokatsu.
All security and vulnerability reports are managed and submitted to Keeper's Bugcrowd Public Vulnerability Disclosure program at:
Released on July 19, 2019
This is a major feature and bug fix release for the Chrome, Firefox, Edge and Safari browser extensions. This release has been published on Chrome and Firefox as of July 19, 2019. Microsoft Edge and Safari will be live as soon as they are approved by the App Store, ETA July 21, 2019.
Only show Lock Icon on Login and Registration Forms Feedback from customers is that the "Lock Icon" is showing on too many fields in websites and applications. With this update, the lock icons will only show on Login and Registration form fields. If accessing the extension is required on a field in which Keeper is not showing the lock, you can simply use the new right-click menu.
Location of Popups Based on customer feedback, we have moved the "Prompt to Save", "Prompt to Fill", "Prompt to Change" and "Prompt to Login" dialogs to the top right section of the web browser window, instead of obstructing the view over the login form. You can customize the location and animation that is used when displaying the popup screens. Visit the Settings -> Prompt Appearance screen.
Right-Click Menu You can now access many different and useful filling functions from the new Right-Click Menu. Fill logins, payment cards, addresses, and create new passwords with just one click.
Credit Card and Identity Info can now be filled on sites without the restriction of requiring a password stored for that site.
Autofill issues on several reported sites
Locks appearing in non-login forms
Improvements to the Admin Console enforcement policy to disable KeeperFill on specific sites/domains
Improved checks to prevent ability to fill a password into a non-password field
Record moved into a shared folder not recognized by extension until logout/login
Creating new address or payment record not appearing immediately
Released on July 12, 2019
This update addresses two reported potential security vulnerabilities affecting websites that have installed an IFrame from a malicious source. For the exploit to be realized, a sequence of conditions would be required which in turn, would impact the Keeper Browser Extension. No customer has reported being affected by this issue. Despite the fact that this is an extremely rare and improbable situation, Keeper takes all reported bugs seriously.
Within five hours of receiving the security researcher’s vulnerability report, Keeper Security’s development and security team released a new version of the Keeper Browser Extension to eliminate the risk associated with the reported vulnerabilities. The Keeper Browser Extension has been submitted to the app stores for publication. The version number for Chrome, Firefox and Edge is 12.3.7. The Safari version is 14.0.4.
Special thanks to Alesandro Ortiz for the discovery and documentation of this issue.
The security researcher’s findings were reported via Keeper's Bugcrowd Public Vulnerability Disclosure Program today, marked on July 12, 2019 at 2:51 PM PST and 2:53PM PST. Discussions between Keeper’s Security Team and the security researcher occurred within one hour of receiving the researcher’s report. The issues disclosed in the report were accepted, validated and submitted for publication to the app stores, within five hours of receipt.
The security researcher reported that a user’s website login credentials could potentially be autofilled into a website containing a malicious sandboxed IFrame to capture the user’s login credentials for that specific site.
In order for this potential vulnerability to result in an exploit of the user’s password for a website, the following conditions would need to exist:
The website owner / developer (e.g. xyz.com) must explicitly embed a malicious iFrame into their website’s HTML served from the same origin or another domain origin with "sandbox" property set that contains a login form.
The Keeper user would require a password stored in their Keeper Vault for xyz.com.
The Keeper user would need to visit the subject website, xyz.com.
The Keeper user would need to enable Autofill for the subject website, xyz.com, if prompted by the user's Keeper software. If the user previously clicked "Yes" on the Autofill prompt for site xyz.com, the user would not be prompted again.
Keeper then fills the password for the saved xyz.com site into the malicious iFrame which contains the sandbox property.
The security researcher reported that a user’s website login credentials could potentially be autofilled into a website containing a malicious IFrame, served from a different domain, to capture the user’s login credentials for that specific site.
In order for this potential vulnerability to result in an exploit of the user’s password for a website, the following conditions would need to exist:
The website owner / developer (e.g. xyz.com) must explicitly embed a malicious IFrame into their website's HTML served from an untrusted origin (e.g. somesite.com) that contains a login form, or the website owner has embedded a 3rd party library from an untrusted origin which injects a malicious IFrame.
The Keeper user would require a password stored in their Keeper Vault for xyz.com.
The Keeper user would need to visit the subject website, xyz.com.
The Keeper user would need to enable Autofill for the subject website, xyz.com, if prompted by the user's Keeper software. If the user previously clicked "Yes" on the Autofill prompt for site xyz.com, the user would not be prompted again.
Keeper then fills the password for the saved xyz.com site into the malicious IFrame served from a different domain.
It would be extremely unlikely and unusual for a website owner to purposely inject an untrusted IFrame into their page source from a different origin. Despite this, Keeper Security’s development team made the security improvements to its browser extension to prevent an autofill operation under the two reported scenarios.
The Keeper Browser Extension will auto-update from each respective app store (i.e. Mac Store, Chrome Web Store, Firefox Add-ons and Microsoft Edge Store).
We appreciate the detailed report, reproduction steps and supporting documentation provided by the security researcher, Alesandro Ortiz. If you have any questions regarding this update please email security@keepersecurity.com. Alesandro's website is https://AlesandroOrtiz.com.
All security and vulnerability reports are managed and submitted to Keeper's Bugcrowd Public Vulnerability Disclosure program at:
https://bugcrowd.com/keepersecurity
Released April 30, 2019
Released April 22, 2019
When creating a new account on a website, we made an improvement to simplify the user flow if the username or password is rejected at the target site.
ADFS SSO Login improvements
Don't Ask Again prompt not behaving to user expectation
Ability to edit a password without unmasking
Other site-specific issues
Releasing Chrome, Firefox, Opera and Edge on February 28, 2019. Note: Safari extensions are not available for update until version 14.0.0 which is deployed via the new Mac App Store.
Subdomain matching and sorting improvements. The sorting of records offered by the KeeperFill on-page login screen will prioritize the subdomain first, followed by the root domain matches. Within each subdomain, the results are sorted by date of last login.
Custom Field matching on website label form field is improved
Account Switching feature implemented for faster selection of previously used accounts
Support for upcoming Password Complexity role enforcement policy on Admin Console
Support Website Address matching on any custom field values
"Do not ask again" is not turning off Prompt to Login
Change Password "Yes" button on Firefox not working
KeeperFill not prompting immediately upon login
Firefox timing related bug fixes
Firefox issue with various websites reported by customers
Improved login to ConnectWise applications
Locks showing on some Date Pickers
Autofill not working for some Russian sites
Locks not showing on staples.com
Ignore email sign-up forms
Fix login for schwab.com
Fix auto-filling of multiple fields on registration forms
Turn off the Browser Extension on the Keeper Admin Console screen
Apple has implemented a major architecture change in Mac OS Mojave and Safari 12 in regards to browser extensions. In the past, the KeeperFill browser extension for Safari has shared a common development platform with Chrome, Firefox, Opera and Edge browsers. Apple now requires developers to publish browser extensions in the Mac App Store using a platform that is unique to the Mac OS ecosystem. We are currently creating a new version of KeeperFill for Safari 12 and Mojave that complies with our strict security requirements. We plan to publish the new Keeper Safari 12 soon. If you haven't updated to Mojave yet, we recommend waiting until the new KeeperFill extension is released. If you have already updated and are no longer able to use KeeperFill, you may use KeeperFill on Chrome, Firefox or Opera browsers until our new Safari extension is published.
Browser Extension Release 14.0.0 adds support for the Mac App Store
Major update to Browser Extensions for Chrome, Firefox, Edge, Opera.
Note: Safari extensions are not available for update until version 14.0.0 which is deployed via the new Mac App Store.
Improved overall user flow for performing "Change Password" on a website
Over 50 site-related bug fixes
Full support for Admin Console v13.1 role enforcement policies
Added "Prompt to Disable" feature
Show On/Off indicator on the status of each prompting feature
Hiding custom fields when masking is enabled
Apple has implemented a major architecture change in Mac OS Mojave and Safari 12 in regards to browser extensions. In the past, the KeeperFill browser extension for Safari has shared a common development platform with Chrome, Firefox, Opera and Edge browsers. Apple now requires developers to publish browser extensions in the Mac App Store using a platform that is unique to the Mac OS ecosystem. We are currently creating a new version of KeeperFill for Safari 12 and Mojave that complies with our strict security requirements. We plan to publish the new Keeper Safari 12 extension this month. If you haven't updated to Mojave yet, we recommend waiting until the new KeeperFill extension is released. If you have already updated and are no longer able to use KeeperFill, you may use KeeperFill on Chrome, Firefox or Opera browsers until our new Safari extension is published.
Sites with many input fields freeze the Edge browser
French website fixes with AutoFill
Duo Security issues in Edge browser
Custom field filling in subsequent pages
Amazon credit card filling
Browser Extension Release 12.3.1 adds support for improved subdomain filtering
Release date: December 10, 2018
Over 40 bug fixes
Select and fill proper record when launching from desktop or web vault
Mask passwords in Edit/New mode
Additional "equivalent domains" added
Localization / translation fixes
Enabled KeeperFill within the Keeper Admin Console
Full support for v13.1 Admin Console role enforcements are not completed.
Firefox BE is auto logging user after 5 minutes
Intralinks site prompts wrong message
Adding a char to notes and deleting it makes prompt freeze
Last record used not being saved for subdomain
Create a new record after editing a record doesn't generate new password
Prompt to Save leaves behind artifact on the screen
Cannot Save Address Edits
Can't create a new record if there's an existing record with the "disable edit" enforcement
Stripe payment widget not working with KeeperFill
Payment fill and new account registration fill on Shopify sites
Amazon.com loops at logout with auto submit
YubiKey issues
Missing Translations (Addresses, Set to Default)
UATP credit card type not being validated
Icon in the Windows store is missing
Google Sheets lock appears in input for conditional formatting
Paypal doesn't bring up prompt only in Safari browser
Autosubmit Not Working on United.com
Digital River e-commerce checkout page doesn't fill credit card
myclientline.net login form
CVC eyeball toggle not working
Password Strength Bar Not Showing Color
Check and X buttons for edit mode do not disappear after edit restriction error message
Twitter change password not working
Adobe account payment screen
Payment card doesn't work on Calendly.com
Credit card filling on Pagerduty.com
Credit card filling on Github.com
Credit card fill doesn't work on JIRA
Credit card filling on Monitis.com
Indeed.com credit card filling doesn't work
Restore Default Settings doesn't default logout timer
Save new password for an existing record does not open vault to view
Southwest.com Payment Fill
GitHub password reset not filling both fields
Console Popup issue
Browser Extension Release 12.3.0 contains a new user experience for "Change Password" flows to address all non-standard websites. In addition, we are completing all role enforcement policy changes for v13.1.0 Admin Console requirements.