LastPass patched a bug that could have leaked the last used credentials of its users.

hacker 1944688

Date: 17 – September – 2019


LastPass informed that they had patched a vulnerability that was found by Google Project Zero* Analyst, Tavis Ormandy, he reported this bug on the 29th of August as Project Zero issue 1930, where he explained the process in which credentials of LastPass could be exposed to any malicious website.

This bug could have leaked the last credentials that the user used because a cache not been updated. LastPass is one of the most popular password managers with more than 16 million users worldwide.   

LastPass informed that the update they released would prevent this from happening, you must double-check that you have the latest version of their browser extension, the bug was patched in the version 4.33.0.

*Google Project Zero is a team of security analysts that uncover zero-day vulnerabilities, when they found a vulnerability they report it to the vendor concerned and starts a 90-day countdown for a fix to be issued before a full public disclosure is made.