Appears to have been patched. Thx for posting!
lastpass: bypassing do_popupregister() leaks credentials from previous site https://bugs.chromium.org/p/project-zero/issues/detail?id=1930 …
-
-
- 2 more replies
New conversation -
-
-
Many thx for checking out their code.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
handle_hotkey() not using isTrusted is particularly interesting. This is basic DOM security 101.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
If I might offer my own, crude, analysis:https://twitter.com/TC_Johnson/status/1173599434707521536 …
-
checks out.
End of conversation
New conversation -
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Dude I love you, but you're what creates my nightmares... With the issues with open source malware and sloppy code, I'm really contemplating using a notepad and pen to store my passwords.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
pass has everything I need with low risk
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
This only affects the browser extension, right? Not people using cloud password storage w/o the extension?
-
Or does this affect any site that uses any pop-up finctions to read any sensitive information?
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.