LastPass Fixes Bugs That Could Have Exposed User Info

Password manager LastPass has fixed 2 vulnerabilities that afflicted many of its app's browser extensions. Simply the visitor said in that location were no reports of hackers exploiting the vulnerabilities and that users don't need to alter their stored passwords.

SecurityWatch The vulnerabilities, which Google security researcher Tavis Ormandy discovered earlier this month, could have allow malicious websites steal site credentials that users saved in their LastPass accounts. Afterwards luring users to a malicious site, an aggressor could and so access the LastPass APIs and run arbitrary code while actualization equally a trusted party, LastPass explained.

One of the vulnerabilities affects the LastPass browser extension for an older version of the Firefox browser, while the other affects all versions of the LastPass extension for Edge, Chrome, and Firefox.

LastPass said information technology has updated its browser extension to remove the 2d problems, which it described in a blog mail service as an issue with an experimental "consumer onboarding feature." Every bit of Midweek afternoon, updates are live for the Firefox and Chrome browsers, while the Edge update is currently pending app store approval.

"We accept no indication that any of the reported vulnerabilities were exploited in the wild, but we're doing a thorough review at this time to confirm," the company wrote in the blog mail. For at present, information technology says, no countersign changes are required.

Although the threat of attackers using malicious websites to trick users is nix new, it is specially worrisome for companies similar LastPass, whose software is designed to shop passwords and other credentials for numerous websites and services. The visitor said it is reviewing and strengthening its code review procedure for experimental features.