The Chrome and Opera browser extensions for the freemium password manager LastPass contained a vulnerability that could be exploited to make the application leak login credentials, a security researcher with Google recently discovered.
In order to exploit the bug, threat actors needed to get victims to visit a malicious website and to click on the page multiple times. If successful, the exploit could “result in the last site credentials filled by LastPass to be exposed,” LastPass acknowleged. The company patched the vulnerability on September 12.
Read more: LastPass Patches Bug Leaking Last-Used Credentials