# Browser Extension Version 17.10.0

## Overview <a href="#summary" id="summary"></a>

Keeper Browser Extension version 17.10.0 introduces expanded passkey authentication support for external security keys, direct linking to release notes from the extension, various UI/UX improvements and bug fixes.

{% hint style="info" %}
Going to preview soon.
{% endhint %}

## Improvements <a href="#improvements" id="improvements"></a>

**BE-7526:** Security Key Support for Biometric Login

You can now use external security keys (such as YubiKeys) for biometric login in the browser extension, alongside built-in platform authenticators like Apple Passwords and Windows Hello. This adds support for passkeys backed by cross-platform authenticators (`authenticatorAttachment: "cross-platform"`), including USB security keys and hybrid/mobile-device flows.

All passkey-based first-factor authentication requests continue to require user verification (`userVerification: "required"`), ensuring the user must complete biometric verification, PIN entry, or another authenticator-level verification step before authentication succeeds. Administrators can also enforce policies restricting authentication to either on-device platform authenticators or external security keys only.

**For Admins:** Admin Console upcoming release 17.9.1 introduces new passkey authentication enforcement controls. Administrators can now allow or deny passkey login entirely, and if enabled, restrict authentication to either external security keys or on-device authenticators. When no restriction is configured, both authentication methods remain available to users.

<figure><img src="/files/o3WksBv9TkvqVO0dgQey" alt=""><figcaption></figcaption></figure>

[Commander CLI](/en/keeperpam/commander-cli/overview.md) can be used to set the new restriction values ahead of the Admin Console release:

To restrict to only allow security keys:

{% code overflow="wrap" %}

```
er "Biometrics Restricted" --enforcement "RESTRICT_PLATFORM_PASSKEY_LOGIN:True"
```

{% endcode %}

To restrict to allow only on-device authenticators:

{% code overflow="wrap" %}

```
er "Biometrics Restricted" --enforcement "RESTRICT_CROSS_PLATFORM_PASSKEY_LOGIN:True"
```

{% endcode %}

***

**BE-7426:** The version number displayed on the Settings page of the browser extension is now a clickable link. Clicking the link will take you directly to the release notes for your current version, making it easy to see what's new or changed.

## Bug Fixes

* **BE-7538:** Issue where the Custom URL launcher fails to navigate when the target URL shared the same root domain but had a different path.
* **BE-7524:** AI auto-submit lacks per-field timing safety and submit-button detection.
* **BE-7523:** AI detection bypasses input-filter and autofill-gate exception lists from V1.
* **BE-7514:** Text within security key field causes autofill toggles to be cut off.
* **BE-7513:** Issue with "what's new" animation for password-manager-disable.
* **BE-7503:** AI detection path breaks custom-field autofill.
* **BE-7502:** AI detection path breaks core autofill flows.
* **BE-7501:** AI detection path bypasses Fixinator patches.
* **BE-7473:** Keeper fills into disabled input fields, causing autofill failures on multi-step login forms.
* **BE-7471:** UI positioning issue with the autofill dialog when multiple logins are associated with a single site.
* **BE-7460:** Incorrect padding under required title field message.
* **BE-7437:** Assorted layout and formatting issues for dropdowns, edit window and record edit.
* **BE-7429:** Sort order of Keeper lock popup vault record selector does not put favorites first.
* **BE-7391:** Incorrect font color of Verify Mode title.
* **BE-7357:** TOTP scanner info toast is off-center.
* **BE-7325:** Device/Session Management error messages fail to appear.
* **BE-7269:** Accessibility highlighting frame is truncated.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://newdocs.keeper.io/en/release-notes/browser-extensions/browser-extension/browser-extension-version-17.10.0.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.