Oops, new LastPass bug that affects 4.1.42 (Chrome&FF). RCE if you use the "Binary Component", otherwise can steal pwds. Full report on way.pic.twitter.com/y92vm3Ibxd
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
Full exploit is two lines of javascript. #sigh ¯\_(ツ)_/¯
Makes me wonder what the shortest exploit in the history of computing is, in terms of number of bytes.
Since Do you think sanitizing input to whatever your exploit calls would be a way to patch?
I think it would be complicated, it's similar in principle to this bug https://bugs.chromium.org/p/project-zero/issues/detail?id=884 …
Have you taken a closer look at @1Password yet?
you’ve found a lot of crap in LastPass. 1Password any better?
lander I hope you’re not using LastPass
This is why I'm glad pwsafe just uses SendMessage(), a database and U2F. What is up with browser plugins and clouds in pass manager?
Is 1password/enpass safe?
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.