If you’re a LastPass user, you should make sure that you’re currently running the latest version of the browser extension.
In a blog post today, LastPass acknowledged a bug in the extension that could potentially allow malicious websites to trick the browser into giving it credentials that you entered on another site. Not exactly something you want to happen.
LastPass says that once it was aware of the issue, which was discovered by a vulnerability researcher at Google, it developed a fix which has been deployed to the extension. The issue only impacted the extension on Chrome and Opera.
The company notes that “no user action is required and your LastPass browser extension will update automatically,” but it’s always a good idea to make sure that automatic update made its way to you.
To check, click the three dots at the top right side of Chrome and then select More Tools followed by Extensions. From there, scroll down until you see LastPass, click the Details button and then hit “Update” to manually update the extension to the latest version.
In the blog post announcing the issue, LastPass also offered a few security tips of its own. Specifically, to not click on links from people that you don’t know, never reuse your LastPass master password, and use unique, different passwords for every online account. You know, basic computer security.
The company also suggests always enabling multi-factor authentication for LastPass as well as your other online accounts. If you don’t have that set up yet, now’s a good time to go through all your accounts and make sure you do.