One of the methods an attacker may use is coercing a running website to group into the same ‘isolated processes’ with that of a malicious website. While most programs are designed with this feature, recent research has revealed methods in which the vulnerability could exploit the ‘isolation’ aimed to protect a users’ data. This ‘site isolation’ is performed by running each webpage and/or browser extension in different computer processes to keep them quarantined from one another. Google’s Chrome, and other browsers, isolate webpages and/or browser extensions to prevent malicious webpages and/or browser extensions from being able to read that application’s potentially personal or confidential data. We encourage all our customers using the LastPass browser extension to review the latest developments and our recommended security steps outlined below to better protect their personal or confidential data. Google has recently released updates intended to protect against these types of attacks and prevent data from potentially being compromised on Chromium-based browsers like Chrome. The latest developments have additionally uncovered possible attack vectors or types that attempt to compromise the potentially personal or confidential data stored on any website(s) and/or browser extension(s), regardless of site or extension provider. As emerging research developed this year across the industry, we actively worked with Google’s Chromium Site Isolation Team to better understand any potential impact on browser-based password managers. Spectre had the capacity to affect any website or browser-based extension running on potentially impacted hardware.Īt that time, LogMeIn immediately began investigating and taking measures designed to limit the impact of Spectre. This vulnerability was shown to have the potential to break the isolation between running applications and allow data to be stolen from programs that are simultaneously being run on a computer. In 2018, a third-party hardware vulnerability, called Spectre, was discovered that affects most modern central processing units (or “processors” for short).
0 Comments
Leave a Reply. |