Sure, a lot of these exploits are admittedly a bit more hyped than they should be. The idea here is that you should never be complacent. After that, on July 2016, a more benevolent hacker decided to reveal a bug that could be exploited to the public. Intrusions to LastPass have happened before, the most recent one being in 2015.
#Lastpass browser extension chrome code#
But with all due respect to them, we have to ask ourselves: what if one day we’re not lucky enough for a bug to be patched before it is exploited? What if an unanticipated problem in the application code allows a hacker to slip in and see all of your information out in the open? LastPass is a service that does everything it can to make sure that its users can trust it with their passwords – the very keys to their online existence. Breaches happen because we openly trust technologies before we even ask ourselves whether they are able to protect us from harm. sharing our passwords, our personal information, etc.) with the technology we use, we are effectively giving hackers one more way to compromise us. One of our most avid commenters made a similar statement earlier when we reported on the CIA’s Vault 7 leaks.Īs we get more intimate (e.g. Saying this will certainly not win anyone points in today’s tech industry climate, but it has to be said: convenience and security are usually a dichotomy. By default, both Chrome and Firefox will perform these updates for you, so if you have opted out, maybe now is a good time to give that a second thought. In general, you should do this with all of your extensions. Other than that, there is no immediate threat to be alarmed about.
If you use LastPass’ services, I strongly suggest making sure that your browser extensions are as up to date as possible. However, the fix was not pushed down to our legacy Firefox 3.3.x branch this branch has been scheduled for formal retirement in April.” What You Should Do
They have stated it openly in their announcement: “ This bug was reported to our team last year and fixed at that time. NXDOMAIN-ing) while they investigated the problem, then posted an announcement on Wednesday saying that they fixed the issues in the Chrome extension.Īs far as the Firefox extension was concerned, they left it as is since the 3.x version branch will be retired in April anyway. On Tuesday LastPass made the internal service domain responsible for transferring authentication information appear non-existent (e.g.
#Lastpass browser extension chrome password#
It allows hackers to execute a universal cross-site script to reveal a user’s password through alerts.
The other bug found by Ormandy was in LastPass’ Firefox extension version 3.3.2 (older, but still very popular). The first bug – which allows hackers to write in code while hijacking your computer’s communication with the server you are logging into and gain access to your passwords – can be found in this report that also contains his proof-of-concept code in case you’re interested. The BugsĪ bug in LastPass’ Google Chrome extension was discovered by Tavis Ormandy, a member of Google’s Project Zero, on Monday. Barely a few weeks have passed, and March continues to be an action-packed month as bugs in LastPass’ browser extensions would allow hackers to grab passwords from unsuspecting users.
0 kommentar(er)
