LastPass Bug Leaks Credentials From Previous Site

Password manager LastPass has released an update last week to fix a security bug that exposes credentials entered on a previously visited site. From a report: The bug was discovered last month by Tavis Ormandy, a security researcher with Project Zero, Google’s elite security and bug-hunting team. LastPass, believed to be the most popular password manager app today, fixed the reported issue in version 4.33.0, released last week, on September 12. If users have not enabled an auto-update mechanism for their LastPass browser extensions or mobile apps, they’re advised to perform a manual update as soon as possible. This is because yesterday, Ormandy published details about the security flaw he found. The security researcher’s bug report walks an attacker through the steps necessary to reproduce the bug.