Password-stealing flaws in LastPass Chrome and Firefox extensions


Tavis Ormandy, a security researcher on Google’s Project Zero team, warned of flaws in LastPass browser extensions: vulnerabilities that would allow a malicious site to steal passwords from the password manager if a person surfed to that site.

LastPass said it patched the vulnerability in its Chrome extension and said it is working on a fix for the flaw in its Firefox add-on.

Ormandy originally said the LastPass bug affected the 4.1.42 Chrome and Firefox browser extensions. He developed a working exploit for a Windows box running the LastPass Chrome extension, but said it “could be made to work on other platforms.” He sent the details to LastPass before adding:
