![]() “It’s possible to proxy untrusted messages to LastPass 4.1.42 due to a bug, allowing websites to access internal privileged RPCs (Remote Procedure Calls). The Chrome plug-in sports a script that can be exploited to allow malicious websites to access to internal privileged LastPass RPC (remote procedure call) commands. The LastPass password management service stores users’ passwords in the cloud, and they are retrieved by browser extensions when a user needs them to access an online account. ![]() The flaws were discovered by Google Project Zero researcher Tavis Ormandy, and responsibly disclosed to LastPass.īut while the company has pushed out what seems to be a slapdash and incomplete fix in the latest version of the Chrome extension (4.1.42, dated March 14, 2017), a fixed version of the Firefox plug-in has still not been released, as the company is waiting for Mozilla to greenlight it. LastPass Chrome and Firefox extensions contain flaws that could allow malicious websites to steal victims’ passwords or execute commands on their computer.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |