The Lastpass password management service, owned by LogMeIn, a developer of remote computing applications, advised users to be cautious and avoid using their own extensions on browsers as they identified and fixed a large Security vulnerability in their architecture that could allow attackers to steal passwords Or code execution.

The gap was discovered by security researcher Tavis Ormandi of Google, who posted tweets about the problem over the weekend, with his reluctance to publicly report how to exploit the bugs, and told the password management company about the bugs.

“We are now working very hard to address the problem. This attack is very unique and sophisticated. We do not want to disclose anything specific about vulnerability or the way we fix it so that it can reveal anything to abusive parties, so users can expect to publish our details. More after the completion of the work. ”

The company has deployed three detailed steps that users can use to maintain their security, directly operating sites through the LastPass Vault storage room, using a dual authentication agent, and beingware of phishing attacks.

Ormande focused his research efforts on LastPass as part of his work on Google’s security team dedicated to finding and reporting flaws and security holes in the products of other Project Zero companies. Last week, LaBase released a reform of two of the security problems cited by the security researcher.

“We appreciate the work done by researcher Tavis, Project Zero and other white-hatered security researchers, and we all benefit when such a security model works to detect errors responsibly, and we are confident that LastPass is very interested,” the company said at the time.

Most security experts recommend using a password manager, although there may be some errors in such products. The issue of password reuse is a more pressing security issue than the password manager program.

The security breaches of user data occur regularly because there is no reason to prevent the spread of damage off-site affected, because the vast majority of users are unable to remember enough passwords are unique and powerful, which can cover all sites and services used.