LastPass Working on Security Patch For Browser Extension Vulnerability

by

LastPass has advised all users of the password manager to launch sites directly from the LastPass vault and enable two-factor authentication wherever possible, until it addresses a vulnerability discovered in LastPass browser extensions.

The client-side vulnerability, discovered by Google security researcher Tavis Ormandy, allows for an attack that is "unique and highly sophisticated", said LastPass in a blog post, without disclosing further details.

Over the weekend, Google security researcher Tavis Ormandy reported a new client-side vulnerability in the LastPass browser extension. We are now actively addressing the vulnerability. This attack is unique and highly sophisticated. We don’t want to disclose anything specific about the vulnerability or our fix that could reveal anything to less sophisticated but nefarious parties. So you can expect a more detailed post mortem once this work is complete.

To secure sign-in credentials in the meantime, LastPass has recommended that users launch sites directly from the vault and make use of two-factor authentication on sites that offer it, while remaining vigilant to avoid phishing attempts.

The news follows the discovery and successful patching of earlier remote code execution (RCE) vulnerabilities that could be used to steal passwords from extensions for Firefox, Chrome, Opera, and Edge. Safari was not mentioned in the original vulnerability alert, while mobile apps were not affected, but concerned users can follow the advice regardless until LastPass offers further news on the situation.

Top Rated Comments

(View all)
Avatar
47 months ago

Great idea, keep all your passwords in one location...

It's a much better idea than using the same password for 50 different websites.
Score: 6 Votes (Like | Disagree)
Avatar
47 months ago

Last Pass is good enough for Steve Gibson (if you don't know who he is, look him up), and it's good enough for me.

It may be good enough for him, but I'd rather not go with a product that has had numerous issues with vulnerabilities and hacking. Regardless of his security chops, I think storing your data with a company that has such a poor track record of securing your data is not the best move imo.
Score: 3 Votes (Like | Disagree)
Avatar
47 months ago

No, I have the app on my iPad and Mac as well. They don't link with each other I manually have put in my passwords.

And besides if I lose my phone I have a backup on my Mac and in iCloud.

It's like anything if you lose your phone.

So your first post isn't true, you do use cloud services to store passwords.
Score: 1 Votes (Like | Disagree)
Avatar
47 months ago

So your first post isn't true, you do use cloud services to store passwords.

First I'm not looking for an argument don't know why people are hating on me. I do not use password services that use the cloud. This is what I was referring to.

I only use iCloud for backups if I am having issues with my Mac which is the main place where I backup my devices.

I don't understand the hostility here?
Score: 1 Votes (Like | Disagree)
Avatar
47 months ago

I use a simple password app, that doesn't connect to the internet doesn't use the cloud etc.

It's simply just a place to store all my passwords in one place and I just look them up when I need them.

I will never ever use any kind of password service.

what if you lose your phone (i assume the app is on your phone)? won't you lose those password?
Score: 1 Votes (Like | Disagree)
Avatar
47 months ago
Last Pass is good enough for Steve Gibson (if you don't know who he is, look him up), and it's good enough for me. I've used it for many years and while nothing is ever foolproof, LP is about as good as it gets. They will have this fixed soon and I for one appreciate their transparency.
Score: 1 Votes (Like | Disagree)

Top Stories

Samsung Mocks Apple for Ditching Power Adapters With iPhone 12 Lineup

Thursday October 15, 2020 11:51 am PDT by
Samsung on its social channels is mocking Apple for removing the power adapter from the iPhone 12 lineup and other iPhone models, pointing out the fact that the Samsung Galaxy smartphones continue to ship with a power adapter. "Included with your Galaxy," reads a Samsung Facebook post that features a picture of a power adapter. Apple notably is no longer providing power adapters or...

iPhone 12 Pro Pre-Orders Already Selling Out With Delivery Times Pushing Into November

Friday October 16, 2020 6:35 am PDT by
Apple today opened pre-orders for the 6.1-inch models of the iPhone 12 and iPhone 12 Pro through its website and the Apple Store app, and estimated delivery times are already slipping into November for select configurations in the United States. Customers ordering a SIM-free/Pacific Blue/128GB version of the iPhone 12 Pro, for example, are already facing an estimated delivery window of...

HomePod Mini Cable is Non-Detachable, Ends With USB-C Connector for Use With Included 20W Power Adapter

Friday October 16, 2020 12:45 pm PDT by
While not detailed in the tech specs, MacRumors can confirm that Apple's new HomePod mini features a non-detachable power cable that ends with a USB-C connector for use with the 20W power adapter included in the box. With the switch to USB-C, the HomePod mini could potentially be powered by a wider range of devices and peripherals, ranging from MacBooks to USB-C battery packs with enough...

Apple's New MagSafe Charger and Cases Begin Arriving to Customers

Saturday October 17, 2020 10:10 am PDT by
Apple's new MagSafe charger and cases have begun arriving to some customers earlier than expected, and images of the accessories have started to surface on Twitter. The photos provide a first look at the products in real-world use. As of writing, some MagSafe cases are also available for pickup at select Apple Stores in countries like the United States, Canada, and Germany. Filip...

New Google App Feature Lets You Hum a Song to Search for It

Saturday October 17, 2020 4:05 am PDT by
Google has added a new feature to its Search app that allows you to hum a song that's stuck in your head, and then use the company's machine learning algorithm to try and identify it. In the Google app or using the Google Search widget, tap the mic icon and say "what's this song?" or click the "Search a song" button. Then start humming the tune for 10-15 seconds. When you're done, the...

Brazilian Certifications Suggest iPhone 12 Mini Features 2,227mAh Battery and iPhone 12 Has 2,815mAh Battery

Friday October 16, 2020 1:08 pm PDT by
Apple's iPhone mini has the shortest battery life out of all the iPhones in the iPhone 12 lineup due to its small size, but Apple has not provided public information about the battery's capacity. A regulatory filing from Brazil, however, suggests the iPhone 12 mini has a battery capacity of 2,227mAh. The same regulatory information says the iPhone 12 features a 2,815mAh battery, which is...

Apple Offering Free AirPods With iPhone 11 Purchase in India as Part of Diwali Celebration

Friday October 16, 2020 12:35 pm PDT by
Apple today launched a new Diwali promotion in India that will see the company providing customers with a set of AirPods with the purchase of any iPhone 11 model. The new iPhone 12 models are not part of the promotion. Apple is offering the standard AirPods With Charging Case free with purchase, but customers can choose to upgrade to the AirPods with Wireless Charging Case or the AirPods Pro....

Apple Event to Unveil First Apple Silicon Macs Could Happen on November 17

Friday October 16, 2020 2:24 am PDT by
Apple will hold another digital event on November 17 to announce its first Apple Silicon powered Macs, according to frequent leaker Jon Prosser. Apple has already said that this year it intends to introduce the first Mac powered by an Apple Silicon chip instead of an Intel processor. One thing it hasn't revealed is the date it will be announced. According to Prosser's source, that date is No...

Apple Online Store Down Ahead of iPhone 12 and 12 Pro Pre-Orders

Thursday October 15, 2020 11:15 pm PDT by
Apple's online store is down ahead of iPhone 12 and iPhone 12 Pro pre-orders, which are set to begin at 5:00 a.m. Pacific Time in the United States. "You're... early," reads the Apple Store message when attempting to visit the U.S. website. "Pre-order begins at 5:00 a.m. PDT. Enjoy the extra sleep." Apple used to do new device pre-orders at 12:01 a.m. Pacific Time, but since last year, has...

When You Can Pre-Order the iPhone 12 and 12 Pro in Every Time Zone

Thursday October 15, 2020 10:55 am PDT by
Pre-orders for the iPhone 12 and the iPhone 12 Pro are set to kick off on Friday, October 16 at 5:00 a.m. Pacific Time, which is a new launch time that Apple adopted as of last year. Apple is planning to make the new devices available in multiple countries around the world simultaneously, so we've made a guide to let MacRumors readers know when pre-orders will in their country. Pre-orders...