LastPass Acknowledges New Vulnerability in Browser Extension, Says It's Working on a Fix

Advertisement
By Shubham Verma | Updated: 28 March 2017 20:23 IST
Highlights
  • The vulnerabilities were reported by Google researcher Tavis Ormandy
  • LastPass responded to say it's working on a fix
  • Neither Ormandy or LastPass have provided details about the vulnerability
LastPass Acknowledges New Vulnerability in Browser Extension, Says It's Working on a Fix

Internet vulnerabilities are becoming more common with each passing day, and LastPass is no stranger to these. LastPass is a widely used password management service, and just last week, a Google Project Zero researcher named Tavis Ormandy had pointed out several vulnerabilities in the service that were patched up shortly after. Now however, a new vulnerability has come to light, and the password management service says it is working to fix it.

Once again reported by Ormandy, the client-side vulnerability allows for remote code execution (RCE) in the LastPass v4.1.43 extension for Chrome. Ormandy on Sunday shared details with LastPass, which on the same day said it was aware of the issue and asked users to stay tuned for more details.

In a blog post on Monday, LastPass said it is "actively addressing the vulnerability", and that the attack demonstrated by Ormandy was "unique and highly sophisticated." It didn't reveal any further details.

"We don’t want to disclose anything specific about the vulnerability or our fix that could reveal anything to less sophisticated but nefarious parties. So you can expect a more detailed post mortem once this work is complete."

Advertisement

"In the meantime, we want to thank people like Tavis who help us raise the bar for online security with LastPass, and work with our teams to continue to make LastPass the most secure password manager on the market," LastPass wrote in its blog post on Monday.

In the post, LastPass also laid down some best practices for users, including using the LastPass Vault as a launch pad, enabling two-factor authentication on any service that offers it, and to be wary of phishing attacks.

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement

Related Stories

Popular Mobile Brands
  1. AppleCare One Announced; Lets You Add Up to 3 Devices Under a Single Plan
  2. Realme 15 5G Series Launching Today: All You Need to Know
  3. Google Pixel 10 Lineup Accidentally Leaked via Play Store Banner
  4. Itel Super Guru 4G Max Launched in India With Built-In AI Voice Assistant
  5. Moto G86 Power India Launch Date Confirmed: Check Features, Colour Options
  6. Upcoming Redmi Smartphone in India With Battery Could Be the Redmi 15 5G
  7. OnePlus Pad Lite Launched in India With 11-Inch Display, 9,340mAh Battery
  8. Pioneer VREC-H320SC Dashcam Review
  9. Samsung Galaxy S26 Edge Tipped to Come With Two Major Upgrades
  1. Qi2 25W Wireless Charging Specification Announced; WPC Says 'Major Android Smartphones' to Join Ecosystem
  2. Google Pixel 10 Pro Fold Leaked Design Renders Showcase New Colour Options
  3. Samsung Galaxy S26 Edge Tipped to Be Thinner Than Its Predecessor, Could Pack a Larger Battery
  4. Google Pixel 10 Series Reportedly Leaked via Play Store Banner; Official Dimensions Surface
  5. AppleCare One Subscription Announced; Lets You Add Up to 3 Devices Under One Plan
  6. Realme 15 5G Series Launching Today: Know Price in India, Features and Specifications
  7. SpaceX Launches Two O3b mPOWER Satellites, Successfully Lands Falcon 9 Booster at Sea
  8. Astronomers Solve Betelgeuse’s 6-Year Dimming Mystery by Spotting Secret Companion Star
  9. Google I/O Connect India 2025: Eight Indian Startups Showcased Applications Built With Google's AI Models
  10. Microsoft Knew of SharePoint Security Flaw but Failed to Effectively Patch It, Timeline Shows
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.