LastPass warns users to exercise caution while it fixes 'major' vulnerability

Password manager security flaw found by researcher from Google, prompting fears sophisticated hackers might be able to exploit it

Password manager LastPass is advising users to avoid using its browser plugins while it battles to fix a "major architectural problem", which could allow an attacker to steal passwords or execute code.

The vulnerability was discovered by Tavis Ormandy, a security researcher at Google, who tweeted about its existence over the weekend. Keeping with responsible disclosure norms, Ormandy did not publicly state how the bug is exploited, and informed LastPass of its existence.