Password manager, LastPass, patched a bug that could have revealed credentials entered on a previously visited site.
Even worse, Ormandy notes that attackers could use a service like Google Translate to disguise a malicious URL and trick vulnerable users into visiting a rogue site. Once there, attackers could use the vulnerability to extract the credentials entered on previously-visited sites.
It’s also worth noting that the bug is limited to certain browsers — Chrome and Opera.
On September 13, LastPass fixed the vulnerability with version 4.33.0.