Developers of the LastPass password manager have patched a vulnerability that made it possible for websites to steal credentials for the last account the user logged into using the Chrome or Opera extension.
Long story short, a Google Project Zero researcher found it possible to steal the details of the last account a user logged into from a website being viewed in Chrome or Opera.
The vulnerability was reported to LastPass who patched the problem immediately. Version 4.33.0 of the company’s browser extension includes the fix and whilst it should upgrade automatically it might be wise to double check. Especially now the vulnerability has been made public.
Source: Password-exposing bug purged from LastPass extensions | Ars Technica