Password-stealing flaws in LastPass Chrome and Firefox extensions

Credit to Author: Darlene Storm| Date: Wed, 22 Mar 2017 06:25:00 -0700
Tavis Ormandy, a security researcher on Google’s Project Zero team, warned of flaws in LastPass browser extensions, vulnerabilities which – if a person surfed to a malicious site – would allow the malicious site to steal passwords from the password manager.
LastPass said it patched the vulnerability in its Chrome extension and said it is working on a fix for the flaw in its Firefox add-on.
Ormandy originally said the LastPass bug affected 4.1.42 Chrome and Firefox browser extensions. He developed a working exploit for a Windows box running the LastPass Chrome extension, but said it “could be made to work on other platforms.” He sent the details to LastPass before adding:
To read this article in full or to leave a comment, please click here




