Some news has been floating around the Internet where a Google Security Researcher has found and helped in patching a critical vulnerability with Keeper. Keeper is a password manager application is being distributed inbuilt with various copies of Windows 10 this year. Hence, this vulnerability potentially made a large number of machines a target for exploits.
Keeper app contained a critical vulnerability – now patched
Travis Ormandy is the Security Researcher who found this vulnerability said:
I remember filing a bug a while ago about how they were injecting privileged UI into pages. “I checked and, they’re doing the same thing again with this version.
He also demonstrated the attack, and as a part of Project Zero, and shared some details as well. He informed that the bug is subjected to a 90-day disclosure deadline which means that once 90 days are up, Tavis is free to share the details about the bug and how to exploit it publically.
Well, the user may take a sigh of relief because Keeper has already marked this issue as resolved and a new fix is pushed via an update to the app. They said in a blog post that:
All customers running Keeper’s browser extension on Edge, Chrome and Firefox have already received Version 11.4.4 through their respective web browser extension update process. Customers using the Safari extension can manually update to version 11.4.4 by visiting Keeper’s download page. No reports of any customers affected by this bug have been reported to Keeper. Mobile Apps and Desktop Apps were not affected and do not require updates.
Now, it is safe to download this password manager extension from the respective stores of your browsers. It is available for Windows, MacOS, and Linux as a native app and as a browser extension on Internet Explorer, Microsoft Edge, Mozilla Firefox, Google Chrome, and Safari.