• Home
  • Apps
  • Apps News
  • LastPass Acknowledges New Vulnerability in Browser Extension, Says It's Working on a Fix

LastPass Acknowledges New Vulnerability in Browser Extension, Says It's Working on a Fix

Share on Facebook Tweet Share Reddit Comment
LastPass Acknowledges New Vulnerability in Browser Extension, Says It's Working on a Fix
Highlights
  • The vulnerabilities were reported by Google researcher Tavis Ormandy
  • LastPass responded to say it's working on a fix
  • Neither Ormandy or LastPass have provided details about the vulnerability

Internet vulnerabilities are becoming more common with each passing day, and LastPass is no stranger to these. LastPass is a widely used password management service, and just last week, a Google Project Zero researcher named Tavis Ormandy had pointed out several vulnerabilities in the service that were patched up shortly after. Now however, a new vulnerability has come to light, and the password management service says it is working to fix it.

Once again reported by Ormandy, the client-side vulnerability allows for remote code execution (RCE) in the LastPass v4.1.43 extension for Chrome. Ormandy on Sunday shared details with LastPass, which on the same day said it was aware of the issue and asked users to stay tuned for more details.

In a blog post on Monday, LastPass said it is "actively addressing the vulnerability", and that the attack demonstrated by Ormandy was "unique and highly sophisticated." It didn't reveal any further details.

"We don’t want to disclose anything specific about the vulnerability or our fix that could reveal anything to less sophisticated but nefarious parties. So you can expect a more detailed post mortem once this work is complete."

"In the meantime, we want to thank people like Tavis who help us raise the bar for online security with LastPass, and work with our teams to continue to make LastPass the most secure password manager on the market," LastPass wrote in its blog post on Monday.

In the post, LastPass also laid down some best practices for users, including using the LastPass Vault as a launch pad, enabling two-factor authentication on any service that offers it, and to be wary of phishing attacks.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Google Home, Wifi Break US-Exclusivity, Will Go on Sale in the UK on April 6
Tencent Takes 5 Percent Stake in Tesla

Related Stories

 
 

Advertisement

 

Advertisement

© Copyright Red Pixels Ventures Limited 2019. All rights reserved.