I was on site X earlier and entered a new password. The Chrome extension prompted me to save the updated password, which I did.
I am now on site Y, which shares absolutely nothing in common with site X, and it is entering the wrong username and password.
Looking at site Y in Enpass to find out why, I see it is showing URL for site Y, but the username, password, and webform details from site X!
Looking at site X in Enpass, I see it hasn't saved the updated password either. It's only saved it to (overwritten) site Y.
How on earth does this even happen? This is obviously a MAJOR security flaw as it is sending a password for one site to a completely different site that may be malicious.
Enpass 6.1.1 (451)
-davidc