Candlelites

Everything from Everywhere

lastpass acknowledges browser extension vulnerability, working on fix

lastpass acknowledges browser extension vulnerability, working on fix News Article With The full text news. The Resource Link is down the post and you can View this News Article in the source page.



lastpass acknowledges browser extension vulnerability, working on fix

lastpass browser extension (lastpass) lastpass on monday acknowledged a remote code execution vulnerability that affects version 4.1.42 of the lastpass extension on chrome. the client side vulnerability was discovered over the weekend by google project zero researcher tavis ormandy. "we are now actively addressing the vulnerability. this attack is unique and highly sophisticated," lastpass wrote in a blog post. national security fbi, cia launch investigation into wikileaks file dump the agencies say the release of cia documents to the public should be considered "deeply troubling."lastpass didn't give specifics about the vulnerability or when a fix may be released, but promised more details when the issue is resolved. ormandy previously found exploits in earlier versions of lastpass on march 20, and said it was possible to proxy untrusted messages to lastpass. lastpass updated its users the same day with an incident report that detailed all "extensions have been patched and are being re-released to users".ormandy hasn't released details surrounding the latest vulnerability detailed by lastpass on monday, but said in a tweet it's a new exploit.writing in the project zero issue tracker on march 20, ormandy said the version's vulnerability was possible to proxy untrusted messages to lastpass."this allows complete access to internal privileged lastpass rpc commands," the researcher said. "there are hundreds of internal lastpass rpcs, but the obviousl...