
LastPass acknowledges browser extension vulnerability, working on fix


LastPass on Monday acknowledged a remote code execution vulnerability that affects version 4.1.42 of the LastPass extension on Chrome.

The client-side vulnerability was discovered over the weekend by Google Project Zero researcher Tavis Ormandy.


“We are now actively addressing the vulnerability. This attack is unique and highly sophisticated,” LastPass wrote in a blog post.

LastPass didn’t give specifics about the vulnerability or when a fix may be released, but promised more details when the issue is resolved.

Ormandy previously found exploits in earlier versions of LastPass on March 20, and said it was possible to proxy untrusted messages to LastPass. The same day, LastPass updated its users with an incident report stating that all “extensions have been patched and are being re-released to users”.

Ormandy hasn’t released details of the latest vulnerability, which LastPass acknowledged on Monday, but said in a tweet that it’s a new exploit.

Writing in the Project Zero issue tracker on March 20, Ormandy said the vulnerability in that version made it possible to proxy untrusted messages to LastPass.

“This allows complete access to internal privileged LastPass RPC commands,” the researcher said. “There are hundreds of internal LastPass RPCs, but the obviously bad ones are things copying and filling in passwords (copypass, fillform, etc).”

Furthermore, if a user had the LastPass binary component installed, the system was vulnerable to remote code execution.
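The class of flaw described above, untrusted messages reaching privileged internal RPCs, can be shown with a generic dispatcher in its weak and hardened forms. This is an added sketch, not LastPass code and not a reconstruction of the bug: only the RPC names copypass and fillform come from the article, while getversion, the origins, the handlers and the message shape are hypothetical.

```javascript
// Added illustration, not LastPass code. A privileged dispatcher that
// receives messages relayed from page context and from the extension UI.
// "copypass" and "fillform" are RPC names quoted in the article;
// everything else here (getversion, origins, message shape) is hypothetical.

const EXTENSION_ORIGIN = "chrome-extension://constructed-extension-id"; // placeholder

// Which RPCs each class of sender may invoke. Anything absent is denied.
const POLICY = {
  extension: new Set(["copypass", "fillform", "getversion"]),
  page: new Set(["getversion"]),
};

// Stand-ins for the privileged operations.
const HANDLERS = {
  copypass: () => "password copied",
  fillform: () => "form filled",
  getversion: () => "0.0.0-constructed",
};

// Classify the sender from data the browser supplies, never from
// fields inside the message body, which the page controls.
function classifySender(senderOrigin) {
  return senderOrigin === EXTENSION_ORIGIN ? "extension" : "page";
}

// Weak form: any relayed message reaches any handler.
function dispatchUnchecked(msg) {
  const handler = HANDLERS[msg.cmd];
  return handler
    ? { ok: true, result: handler(msg.args) }
    : { ok: false, error: "unknown" };
}

// Hardened form: validate shape, deny by default, authorise per sender class.
function dispatchChecked(msg, senderOrigin) {
  if (!msg || typeof msg.cmd !== "string") {
    return { ok: false, error: "malformed" };
  }
  if (!Object.prototype.hasOwnProperty.call(HANDLERS, msg.cmd)) {
    return { ok: false, error: "unknown" };
  }
  const role = classifySender(senderOrigin);
  if (!POLICY[role].has(msg.cmd)) {
    return { ok: false, error: "denied" };
  }
  return { ok: true, result: HANDLERS[msg.cmd](msg.args) };
}
```
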

LastPass is encouraging its users to use LastPass Vault to launch sites directly, be aware of phishing attacks, and enable two-factor authentication where they can.

LastPass was purchased by LogMeIn for $110 million in October 2015.

(via PCMag)
