1. 6

Key quote:

This allows access to any of the privileged LastPass RPCs, so this is a complete compromise of the lastpass addon. From here an attacker can create and delete files, execute script, steal all passwords, log victims into their own lastpass account so that they can steal anything new saved there, etc, etc.

Note that this is not the same bug as in the post from earlier today.