You need to use page layout version 2.1.2 or later in order for the embedded password reset to work so that the application doesn't need to handle the AADB2C90118 error. Otherwise your users will encounter the AADB2C90118 by default if you haven't set your application up to handle the error code and invoke a specific password reset policy. Without the policy, the users will see "The user has forgotten their password" when they click on the "forgot password" link.
If you are already using the correct version, could you please share your claims schema and technical profiles and verify that they match the guidance on the password reset custom policy page?
Edited with additional comment from David Wong:
The environment had content customization, so the template version set in the TrustFrameworkBase.xml version got overridden in TrustFrameworkExtensions.xml. Also, for all of us who need to use the new template, the localization string ID got changed, so you will have to adjust accordingly as well; see:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/localization-string-ids