Discovery was announced by Google

rakhirhif8963 · Post by **rakhirhif8963** » Thu Feb 13, 2025 6:04 am

Their security expert Tavis Ormandy. According to the description on the Google Project Zero pages, the errors in the code allow anyone to access internal commands in the LastPass extension for Chrome, Firefox, and Edge browsers. These commands are used to copy passwords and autofill web forms with information from a secure storage. If the binary uk whatsapp data of the extension is installed, the openattach command can be used to run arbitrary code on the computer. To carry out an attack, the criminal only needs to lure the victim to a malicious site.

Ormandy has found vulnerabilities in LastPass before, but they usually related to older versions of extensions. This time, the bug concerns the latest version of the password manager. Until now, LasPass developers have quickly fixed the vulnerabilities found, but the problem is that hackers prefer not to report them to companies or the public, but to secretly exploit them - this is how hacker databases with passwords of users of popular services are replenished.

The expert nevertheless claims that he did not find any signs of theft of user passwords, but advises updating to the latest version of the application, where the vulnerabilities in the extensions are closed: Firefox - 4.1.36, Chrome - 4.1.43, Edge - 4.1.30 and Opera - 4.1.28.