"We have now resolved this bug no user action is required and your LastPass browser extension will update automatically," the company said in a blog post (Opens in a new window) on Monday. The good news is that the company patched the problem last week with version 4.33.0 of the LastPass extension. For instance, a cybercriminal could spread links to tampered websites to secretly prey on LastPass users. The bug is valuable for any hackers seeking to phish users' passwords. The victim would simply need to click on the malicious page several times to cause the credential to leak. To exploit it, a hacker could create a malicious website designed to fetch the password entry from a Lastpass Chrome extension user. The bug can trigger the extension to expose the last login credential it filled out. However, last month Google security researcher Tavis Ormandy noticed (Opens in a new window) a problem in the background processes. The fill-in process occurs when the user clicks the LastPass "…'" icon appearing in login fields. The company's extension, which has more than 10 million users, works by automatically filling in the passwords on account logins. A bug in the software can be exploited to leak users' login credentials in the event they visit a hacker-controlled website. LastPass is advising users to update the Chrome extension for its password manager. How to Set Up Two-Factor Authentication.How to Record the Screen on Your Windows PC or Mac.How to Convert YouTube Videos to MP3 Files.How to Save Money on Your Cell Phone Bill.How to Free Up Space on Your iPhone or iPad.How to Block Robotexts and Spam Messages.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |