It is quite hard to remember passwords for every other site, that is where LastPass comes to the rescue. But, recently LastPass has pushed out a patch for a bug fix that could have lead to hackers extracting passwords using LastPass’s browser extension.
A researcher from Google Project Zero Tavis Ormandy first discovered the bug and informed the company about the vulnerability so that they could fix the issue before hackers could break it down and steal the passwords.
An automatic update released by Lastpass has fixed the issue for all the browsers but the company has asked users to verify the users if they are on the latest version or not.
The LastPass Bug.
The bug works by itself forcing users to go to malicious sites and that’s where the LastPass browser extension is tricked into using the passwords from the sites that are visited by the user previously.
As per Ormandy’s statement, attackers could have potentially used Google translate to restructure a malicious URL and trick users into visiting a site.
According to the company the update will be done automatically but it is still asking users to check out the latest version of their browser extension. If you are using a browser that has automatic updates for extensions turned off, you should definitely check out the version of your LastPass browser extension.
The latest version released by the company is 4.33.0 for the browser extension. The only affected browsers are Chrome and Opera browsers.