The flaw consisted of missing inter-process validations, which could have allowed an attacker to hijack the 1Password browser extension or command line interface. Source link