Author Topic: LastPass Chrome & Firefox Extensions Affected by Critical Bug  (Read 188 times)

0 Members and 1 Guest are viewing this topic.

Offline Quizmaster

  • Flying Nurse
  • Seasonal Competition Team
  • *
  • Posts: 23301
    • Smokey's Security Forums
  • .: Surf Queen
LastPass Chrome & Firefox Extensions Affected by Critical Bug
« Reply #1 on: March 22, 2017, 01:27:23 AM »
LastPass Chrome & Firefox Extensions Affected by Critical Bug
21 March 2017, 11:54 pm

LastPass, the password vault that you were supposed to trust with your information, was affected by a critical security flaw. Thankfully, the company has already patched things up. 

This wasn't even some very complicated problem, but rather a coding error. At least that's the opinion of Google's Tavis Ormandy, security expert that has detected numerous problems over the years, including the recent Cloudflare incident. 

The white hat found the issue within the LastPass Chrome extension. According to Ormandy, the extension had an exploitable content script that could be attacked to extract passwords from the manager. It could also be pushed to execute commands on the victim's computer, which the Google hacker demonstrated easily. 

"This script will proxy unauthenticated window messages to the extension. This is clearly a mistake," Ormandy writes.

Nothing was safe

Since La... (read more)

Source: Softpedia News / Security

>> To obtain the full Softpedia Security News article, click the link in the first post line <<


Except where otherwise stated, all content, graphics, banners and images included © 2006 - 2018 Smokey Services™ -- All rights reserved
Design board graphics, banners and images by DSTM & PseFrank

This site does not store profiling-, tracking-, third-party and/or any other non-essential cookie(s) on client computers and is fully compliant with the EU ePrivacy Directive
Smokey's does not use any Web Analytics/Analysis Service, and also does not use any browser fingerprinting techniques

Smokey's also provides free fully qualified Log / Malware Analysis & Removal Help and System Health Checks