LastPass closes zero-day vulnerabilities in browser extensions for Chrome, Firefox and Edge


LastPass has closed the security flaws in its eponymous password manager that Google researcher Tavis Ormandy made public this week. According to a company blog post, distribution of the patches has begun. Affected are the LastPass browser extensions for Firefox, Edge, Chrome and Opera.

Users of the password manager should now check whether they have already received the update. The version number can be found in the advanced options under the menu item “About LastPass”. The fixed versions are LastPass for Firefox 4.1.36, LastPass for Chrome 4.1.43, LastPass for Edge 4.1.30 and LastPass for Opera 4.1.28. However, the company points out that the updates for Edge and Opera are still being reviewed by the respective vendors.

LastPass also emphasizes that there is no evidence that the two zero-day vulnerabilities were actively exploited and that confidential user data was thereby compromised. In addition, the mobile apps for Android and iOS were not susceptible. Users therefore do not need to change their master password or the login information for websites or services stored in LastPass.

“To exploit the reported vulnerabilities, an attacker would first need to entice a user onto a dangerous website,” writes Amber Gott, Marketing Manager at LastPass, in a blog post. Ormandy had shown that an attacker could call LastPass APIs and in some cases even run arbitrary code as a trusted party. This would allow the attacker to retrieve information such as a user's login data.

One of the two flaws relates to version 3.x of the Firefox extension, whose support ends in April. Nevertheless, the new version 3.3.4 is now available. The other flaw was introduced only in August 2016, along with a new experimental feature. That feature was deactivated immediately after the bug became known.

LastPass also announced that it will review and strengthen its internal code review and security processes. This applies especially to new and experimental features. In addition, the manager thanked Ormandy for his work and asked for more submissions from security researchers to LastPass' bug bounty program.

Ormandy, for his part, praised LastPass' response to his reports. “Am very impressed by how quickly LastPass responds to security reports. If only all providers were so fast,” he tweeted on Wednesday.

