LastPass has advised all users of the password manager to launch sites directly from the LastPass vault and enable two-factor authentication wherever possible, until it addresses a vulnerability discovered in LastPass browser extensions.

The client-side vulnerability, discovered by Google security researcher Tavis Ormandy, allows for an attack that is "unique and highly sophisticated", said LastPass in a blog post, without disclosing further details.

C7yXCacVQAAXz8T

Over the weekend, Google security researcher Tavis Ormandy reported a new client-side vulnerability in the LastPass browser extension. We are now actively addressing the vulnerability. This attack is unique and highly sophisticated. We don’t want to disclose anything specific about the vulnerability or our fix that could reveal anything to less sophisticated but nefarious parties. So you can expect a more detailed post mortem once this work is complete.

To secure sign-in credentials in the meantime, LastPass has recommended that users launch sites directly from the vault and make use of two-factor authentication on sites that offer it, while remaining vigilant to avoid phishing attempts.

The news follows the discovery and successful patching of earlier remote code execution (RCE) vulnerabilities that could be used to steal passwords from extensions for Firefox, Chrome, Opera, and Edge. Safari was not mentioned in the original vulnerability alert, while mobile apps were not affected, but concerned users can follow the advice regardless until LastPass offers further news on the situation.

Top Rated Comments

keysofanxiety Avatar
97 months ago
Great idea, keep all your passwords in one location...
It's a much better idea than using the same password for 50 different websites.
Score: 6 Votes (Like | Disagree)
maflynn Avatar
97 months ago
Last Pass is good enough for Steve Gibson (if you don't know who he is, look him up), and it's good enough for me.
It may be good enough for him, but I'd rather not go with a product that has had numerous issues with vulnerabilities and hacking. Regardless of his security chops, I think storing your data with a company that has such a poor track record of securing your data is not the best move imo.
Score: 3 Votes (Like | Disagree)
burgman Avatar
97 months ago
No, I have the app on my iPad and Mac as well. They don't link with each other I manually have put in my passwords.

And besides if I lose my phone I have a backup on my Mac and in iCloud.

It's like anything if you lose your phone.
So your first post isn't true, you do use cloud services to store passwords.
Score: 1 Votes (Like | Disagree)
iapplelove Avatar
97 months ago
So your first post isn't true, you do use cloud services to store passwords.
First I'm not looking for an argument don't know why people are hating on me. I do not use password services that use the cloud. This is what I was referring to.

I only use iCloud for backups if I am having issues with my Mac which is the main place where I backup my devices.

I don't understand the hostility here?
Score: 1 Votes (Like | Disagree)
zzLZHzz Avatar
97 months ago
I use a simple password app, that doesn't connect to the internet doesn't use the cloud etc.

It's simply just a place to store all my passwords in one place and I just look them up when I need them.

I will never ever use any kind of password service.
what if you lose your phone (i assume the app is on your phone)? won't you lose those password?
Score: 1 Votes (Like | Disagree)
geenosr Avatar
97 months ago
Last Pass is good enough for Steve Gibson (if you don't know who he is, look him up), and it's good enough for me. I've used it for many years and while nothing is ever foolproof, LP is about as good as it gets. They will have this fixed soon and I for one appreciate their transparency.
Score: 1 Votes (Like | Disagree)

Popular Stories

Generic iOS 18 Feature Real Mock

iOS 18 Coming Later This Month With These 8 New Features

Tuesday September 3, 2024 12:07 pm PDT by
iOS 18 has been in beta testing for nearly three months, and the software update will finally be released for all compatible iPhones soon. Apple should reveal iOS 18's exact release date during its September 9 event, with the most likely possibility being Monday, September 16. Below, we have highlighted eight key new features included in iOS 18. Note that Apple Intelligence is not coming...
iPhone 16 Side New Action Button Emphasis Bump

iPhone 16 Apple Silicone Cases Have No Cutout for New Capture Button

Wednesday September 4, 2024 3:19 am PDT by
Apple is introducing a new camera-based "Capture" button on at least some iPhone 16 models this year, and a new rumor claims that Apple's own silicone cases will have a design that is specially made so as not to impede the use of the capacitive button's multiple functions. Several rumors have suggested that the iPhone 16 models are going to have an all-new button that's designed to make it...
iOS 18 CarPlay Feature

iOS 18 Adds These 6 New Features to CarPlay

Tuesday September 3, 2024 12:59 pm PDT by
Apple did not mention CarPlay when it unveiled iOS 18 in June, but the update includes a handful of new features for the in-car iPhone system. iOS 18 includes some changes to the Messages app, Settings app, and Siri on CarPlay. The update should be widely released later in September. Below, we recap CarPlay's key new features on iOS 18. 1. Contact Photos in Messages App iOS 18 adds...
sonny iphone 16 pro colors

New iPhone 16 and iPhone 16 Pro Colors Revealed Ahead of Apple Event

Friday September 6, 2024 5:01 am PDT by
Apple is "shaking up its color palette" for its iPhone 16 lineup this year, according to well-connected Bloomberg reporter Mark Gurman. Early iPhone 16 Pro dummy models via Sonny Dickson According to Gurman, the iPhone 16 Pro models will come in a Gold Titanium to replace Blue Titanium, while the Black, White, and Natural Titanium options that debuted with the iPhone 15 Pro will remain...
iPhone 16 Pro Mock Article

iPhone 16 Launch Month Is Here: Everything We Know

Sunday September 1, 2024 4:30 am PDT by
Apple has announced that on Monday, September 9 it will hold its annual fall event, which means we are just days away from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design differences and new features to take into account. ...
its glowtime event youtube

Report Details Last-Minute Apple Event Rumors About New iPhones, Apple Watches, and AirPods

Friday September 6, 2024 4:40 am PDT by
Bloomberg's Mark Gurman today shared his final expectations for Apple's "It's Glowtime" event, providing some new tidbits and clarifications about the new devices set to be announced on Monday. iPhone 16 Pro Along with larger 6.3- and 6.9-inch display sizes, the iPhone 16 Pro and iPhone 16 Pro Max will have bezels that are "now about a third slimmer" for a "sleeker overall look." The...
Generic iOS 18 Feature Real Mock

When to Expect iOS 18 on Your iPhone as Beta Testing Wraps Up

Wednesday September 4, 2024 10:50 am PDT by
iOS 18 has been in beta testing for nearly three months, and the software update should finally be widely released later this month. Below, we outline when to expect iOS 18 to be available on all compatible iPhones. iOS 18: Beta Testing Wraps Up In his Power On newsletter last weekend, Bloomberg's Mark Gurman said iOS 18 beta 8 will likely be the final developer beta version for the...