Google bug hunter extraordinaire Tavis Ormandy discovered the vulnerability which was in how the browser extension generated pop-up windows, and informed LastPass’s developers.ĭetails of the flaw were only made public after a security fix was published. If you want to double-check the version number of your LastPass browser extension, click on the LastPass icon in the corner of your browser’s menu, and select the “Tools” option from the submenu.Ĭhoosing “About LastPass” will then show you the version number and build date of the browser plugin. LastPass version 4.33.0 and later fix the vulnerability, and according to the developers users’ browser extensions will update automatically without any user action required. This exploit may result in the last site credentials filled by LastPass to be exposed.”Įven though there’s no evidence that the flaw was maliciously exploited, it makes sense to patch it. “To exploit this bug, a series of actions would need to be taken by a LastPass user including filling a password with the LastPass icon, then visiting a compromised or malicious site and finally being tricked into clicking on the page several times.
0 kommentar(er)
