The password management service LastPass has fixed a critical vulnerability that could leak account information entered on a previously visited site. To stay protected, users of the manager need to install the latest version of the application.
The vulnerability was discovered by computer security researcher Tavis Ormandy on August 29. LastPass developers released the update on September 12, after which details of the bug were published. According to the password manager's developers, attackers could exploit the vulnerability by luring users to a fake site and getting them to enter credentials using the LastPass icon. The bug was found only in the Chrome and Opera browsers.
Users do not need to take any action to receive the update. According to the service's representatives, browser extensions should update automatically. However, if you have disabled automatic updates, you should update the extension manually. Check the version of the installed extension: the current version as of September 12 is 44.33.0.
The bug is no reason to abandon password managers altogether. They continue to play an essential role in network security. As with any other application or service, the code is written by people, so errors can occur. This case proves once again that for a high level of security you should, in addition to a complex password, use two-factor authentication where possible.