Freemium password manager LastPass has patched a security flaw that could have allowed hackers to scrape login details from the last site you visited.
Tavis Ormandy, a security researcher from Google’s Project Zero team, responsibly disclosed the discovery late last month. For the bug to be exploited, a user would have needed to take a series of actions: filling a password with the LastPass icon, then visiting a malicious site and being tricked into clicking on the page several times.
LastPass said it worked quickly to develop a fix and verified it with Ormandy. While any potential exposure was limited to the Chrome and Opera browsers, LastPass said it deployed the update to all browsers as a precaution.
Fortunately, LastPass users shouldn’t have to do much as the client has likely already automatically updated itself by now. You can check your LastPass version number by navigating to Account Options -> About LastPass. If you’ve got v4.33.0 / v4.33.4 then you’re golden.