If all that happened, only the last site credentials filled by LastPass would be exposed. It seems like a lot of effort for such a small payoff. The user would then have to visit a compromised or malicious site where they would be tricked into clicking on the site several times. Even better, to exploit the bug a hacker would have to do a lot of work.Ī bad actor would only be able to exploit the vulnerability by getting a LastPass user to fill a password with the LastPass icon. Google Project Zero’s report showed that under a limited set of circumstances on the affected browsers an attacker could have created a clickjacking scenario.
Related: Watch out for a big increase in malware that steals your passwords LastPass said that although the bug was limited to Chrome and Opera browsers, the update has been deployed to all browsers. LastPass purged the bug and updated its program as soon as the Google Project Zero team alerted them to the finding.
0 kommentar(er)
