![]() ![]() The researcher explains that the script is only used to access a specific domain on, and if you take a closer look at how it works, it looks like this: Moreover, to implement an attack, an attacker only needs to lure the user to a malicious site. According to the researcher, the content_scrip extension contains a vulnerability, an attack on which could lead to the compromise of all credentials stored in the application. Ormandy writes that he found an issue in the official LastPass extension for chrome browser. Now, almost a year later, the expert has decided to put the security of LastPass to the test, and, unfortunately, the application cannot be said to have passed this test. Back in the summer of 2016, Google Project Zero specialist Tavis Ormandy is sincere: "Do people really use this LastPass thing?" Then Ormandy discovered a vulnerability in the code of the LastPass add-on for Firefox 0-day, which allowed him to remotely compromise all user passwords.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |