Are you using a password wallet? Password wallets are not always safe. The leader, LastPass, just experienced a security breach a couple of days ago and has issued a new version for the Chrome browser. The bug was discovered last month by Tavis Ormandy, a security researcher with Project Zero, Google’s elite security and bug-hunting team.

FIX AVAILABLE

LastPass, believed to be the most popular password manager app today, fixed the reported issue in version 4.33.0, released last week, on September 12. In a blog post, the company said the bug only impacts its Chrome and Opera browser extensions.

If users have not enabled an auto-update mechanism for their LastPass browser extensions, they’re advised to perform a manual update as soon as possible.

This is because yesterday, Ormandy published details about the security flaw he found. The security researcher’s bug report walks an attacker through the steps necessary to reproduce the bug.

Since the bug relies on executing malicious JavaScript code alone, with no other user interaction, the bug is considered dangerous and potentially exploitable.

Attackers could lure users to malicious pages and exploit the vulnerability to extract the credentials users had entered on previously visited sites. According to Ormandy, this isn’t as hard as it sounds, as an attacker could easily disguise a malicious link behind a Google Translate URL, trick users into visiting the link, and then extract credentials from a previously visited site.

Change Passwords

Just because you use a password wallet doesn’t mean you don’t need to use strong passwords, or change passwords on a regular basis. It is always best to have a STRONG password and to not use the same passwords on similar sites.