LastPass has said that there are some security holes in its online password management software. In a blog post, the company gave brief details of the flaws found in its password manager for Chrome, Firefox, Opera and Safari.
According to We Live Security, the first vulnerability is in an add-on known as Bookmarklets. LastPass Bookmarklets are small snippets of JavaScript code that install as a bookmark of “favourite” in your browser.
Detected by Zhiwei Li, a security researcher at UC Berkeley, found a method by which (if a user clicked a bookmarklet while visiting an untrustworthy website) passwords for other sites could be extracted from LastPass and put in the hands of criminal hackers.