Two vulnerabilities were discovered in the LastPass browser extension.
What is the risk?
In certain circumstances, these vulnerabilities could be used to steal passwords or run malicious code, though there have been no confirmed incidents of stolen data or passwords.
What has LastPass done?
All versions of the LastPass browser extension have been updated to fix these vulnerabilities and are being pushed to clients. Instructions for checking your update status is available at the LastPass blog post on the topic.
What should I do?
Click Wisely: Security vulnerabilities are often exploited by tricking people into clicking unsafe or unexpected links.
Apply Updates: Keep auto-update enabled for your browser so security updates get applied immediately.
Use Two-Step Verification: Even if a password is stolen, your account is still protected if you use two-step. Learn how to enable two-step for all your services by visiting twofactorauth.org.