
Google Warns LastPass Users Were Exposed to ‘Last Password’ Credential Leak - XiS
https://www.forbes.com/sites/daveywinder/2019/09/16/google-warns-lastpass-users-were-exposed-to-last-password-credential-leak/
======
sawaruna
> Ferenc Kun, the security engineering manager for LastPass at LogMeIn, which
> owns LastPass, said in an online statement that this "limited set of
> circumstances on specific browser extensions" could potentially enable the
> attack scenario described. "To exploit this bug, a series of actions would
> need to be taken by a LastPass user including filling a password with the
> LastPass icon, then visiting a compromised or malicious site and finally
> being tricked into clicking on the page several times," Kun said, "any
> potential exposure due to the bug was limited to specific browsers (Chrome
> and Opera.)"

> LastPass has already patched the vulnerability, and the fix was
> comprehensively verified with Project Zero. Indeed, the fix was rolled out
> on September 13, and Kun confirmed that "we have now resolved this bug; no
> user action is required and your LastPass browser extension will update
> automatically." As a precaution, the LastPass update was deployed to all web
> browsers and not just Chrome and Opera.

