On Monday, LastPass acknowledged a remote code execution vulnerability that affects version 4.1.43 of the LastPass extension on Chrome.
The vulnerability was discovered by Google Project Zero researcher Tavis Ormandy. In a blog post, LastPass called the vulnerability ‘unique and highly sophisticated’.
“We are now actively addressing the vulnerability. This attack is unique and highly sophisticated.”
LastPass did not give any specifics about the vulnerability or when a fix may be released but promised to release more details once the issue has been resolved. Ormandy hasn’t released details surrounding the latest vulnerability but did confirm via Twitter that it is a new exploit.