Opera uses the same Chromium codebase as Chrome, and several other browsers, including Brave and Vivaldi, do as well. On the official LastPass blog, the company states that "while any potential exposure due to the bug was limited to specific browsers (Chrome and Opera), as a precaution, we've deployed the update to all browsers." 29, and LastPass had the fix ready two weeks later.
Ormandy reported the flaw to LastPass on Aug. The vulnerability has not been used in any active attacks yet, but now that it's being publicly disclosed and explained, expect someone to try it. "I think it's fair to call this 'High' severity, even if it won't work for *all* URLs," Ormandy wrote. If the embedded site contains a login window, then the LastPass pop-up window may appear - displaying the credentials for a website previously visited in the same browser tab.
0 kommentar(er)
