• Home
  • Apps
  • Apps News
  • LastPass Acknowledges New Vulnerability in Browser Extension, Says It's Working on a Fix

LastPass Acknowledges New Vulnerability in Browser Extension, Says It's Working on a Fix

LastPass Acknowledges New Vulnerability in Browser Extension, Says It's Working on a Fix
Highlights
  • The vulnerabilities were reported by Google researcher Tavis Ormandy
  • LastPass responded to say it's working on a fix
  • Neither Ormandy or LastPass have provided details about the vulnerability
Advertisement

Internet vulnerabilities are becoming more common with each passing day, and LastPass is no stranger to these. LastPass is a widely used password management service, and just last week, a Google Project Zero researcher named Tavis Ormandy had pointed out several vulnerabilities in the service that were patched up shortly after. Now however, a new vulnerability has come to light, and the password management service says it is working to fix it.

Once again reported by Ormandy, the client-side vulnerability allows for remote code execution (RCE) in the LastPass v4.1.43 extension for Chrome. Ormandy on Sunday shared details with LastPass, which on the same day said it was aware of the issue and asked users to stay tuned for more details.

In a blog post on Monday, LastPass said it is "actively addressing the vulnerability", and that the attack demonstrated by Ormandy was "unique and highly sophisticated." It didn't reveal any further details.

"We don’t want to disclose anything specific about the vulnerability or our fix that could reveal anything to less sophisticated but nefarious parties. So you can expect a more detailed post mortem once this work is complete."

"In the meantime, we want to thank people like Tavis who help us raise the bar for online security with LastPass, and work with our teams to continue to make LastPass the most secure password manager on the market," LastPass wrote in its blog post on Monday.

In the post, LastPass also laid down some best practices for users, including using the LastPass Vault as a launch pad, enabling two-factor authentication on any service that offers it, and to be wary of phishing attacks.

Comments

For details of the latest launches and news from Samsung, Xiaomi, Realme, OnePlus, Oppo and other companies at the Mobile World Congress in Barcelona, visit our MWC 2024 hub.

Google Home, Wifi Break US-Exclusivity, Will Go on Sale in the UK on April 6
Tencent Takes 5 Percent Stake in Tesla
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News
 
 

Advertisement

Follow Us

Advertisement

© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »