LastPass: design flaw in communication between privileged and unprivileged components

7

LastPass: design flaw in communication between privileged and unprivileged components ☶ security bugs.chromium.org
via spinda 7 years ago | archive
Archive.org Archive.today Ghostarchive
| no comments

0

Key quote:

This allows access to any of the privileged LastPass RPCs, so this is a complete compromise of the lastpass addon. From here an attacker can create and delete files, execute script, steal all passwords, log victims into their own lastpass account so that they can steal anything new saved there, etc, etc.

Note that this is not the same bug as in the post from earlier today.