![]() "We have now resolved this bug no user action is required and your LastPass browser extension will update automatically," the company said in a blog post on Monday. The good news is that the company patched the problem last week with version 4.33.0 of the LastPass extension. For instance, a cybercriminal could spread links to tampered websites to secretly prey on LastPass users. The bug is valuable for any hackers seeking to phish users' passwords. The victim would simply need to click on the malicious page several times to cause the credential to leak. ![]() To exploit it, a hacker could create a malicious website designed to fetch the password entry from a Lastpass Chrome extension user. The bug can trigger the extension to expose the last login credential it filled out. However, last month Google security researcher Tavis Ormandy noticed a problem in the background processes.
0 Comments
Leave a Reply. |