Password management software vulnerability found

Security researchers find flaw in password manager that could lead to hacking

By Allie Sanchez

A Google security researcher found a flaw in the popular password management software LastPass that could hand control of it to hackers.

An attacker could first lure the user to a malicious site, where they could exploit a flaw in the LastPass add-on for the Firefox browser, which would then yield control of the password management software.

The application’s developers wrote about the bug last week and announced that the fix is already available for Firefox users.

Experts say vulnerabilities in the software could have a huge impact on its users, since it is said to securely store and autofill all of their passwords for different websites.

Google security researcher Tavis Ormandy was the first to discover the password manager’s weak link. Other researchers identified a weakness in the software’s code, which can be tricked into autofilling a user’s password even when the user isn’t on the appropriate website.
 
