There is a bug that the last used password leaks to the password manager 'LastPass'



It has been reported that the browser extension function of the password manager ' LastPass ' that helps manage multiple IDs and passwords leaks the authentication information of the last used site. LastPass has already released a modified version, and the extension will be updated automatically.

LastPass Bug Reported & Resolved-The LastPass Blog

1930-lastpass: bypassing do_popupregister () leaks credentials from previous site-project-zero-Monorail

Tavis Ormandy, a security researcher at Google Project Zero, reported the bug. If an attacker performs clickjacking exploiting a bug, the last site authentication information entered using LastPass may be extracted.

It is said that there was a potential danger due to a bug in the browser extension for Google Chrome and Opera, but just in case, the fix update is distributed for all browsers and the user side has a special operation It is automatically updated without having to. However, if you have turned off automatic extension updates, you must update manually.

in Security, Posted by logc_nt