Lastpass Free Password Ma

🔍 Security Report Available
👥 8M+ users
📦 v4.151.3
💾 18.56MiB
📅 2026-02-12

Overview

LastPass is the easiest way to manage passwords—wherever you browse.

Tired of forgetting passwords or resetting them constantly? Meet LastPass, the trusted password manager—used by millions of people and thousands of businesses—to keep passwords and other account info safe, secure, and always within reach.

With LastPass, you only need to remember one master password. We’ll handle the rest—autofilling logins, generating secure passwords, and syncing across all your devices. Whether you're browsing on Chrome or logging into your favorite website, LastPass makes it effortless.

WHY MILLIONS TRUST LASTPASS
🔐 Secure Password Vault: Store all your passwords, passphrases, passkeys, usernames, and payment methods in one encrypted place.
⚡ Autofill Made Easy: Instantly fill in login credentials on websites and in apps—no typing required.
🧠 One Master Password: Just remember one password—LastPass remembers the rest.
📝 More Than Passwords: Securely store credit cards, insurance info, social security numbers, and private notes.
🤝 Share Securely: Share passwords safely with family, friends, or coworkers.
🔒 Built-In Password Generator: Create strong, unique passwords and passphrases in a single tap.
🛡️ Multi-Factor Authentication (MFA): Add an extra layer of protection to your password app.

GO PREMIUM FOR MORE POWER
Try LastPass Premium free for 30 days and unlock:
📱 Unlimited device access across all platforms
🌐 Access on Edge, Firefox, and other browser extensions
🔗 Unlimited sharing of passwords and notes
☁️ 1GB of encrypted file storage
🛡️ Advanced MFA options like YubiKey
🚨 Emergency access for trusted contacts
💬 Priority customer support

BUILT FOR SECURITY
Your data is encrypted with bank-grade AES-256 encryption—only you can unlock your vault. Even we can’t access it.

RECOGNIZED. RESPECTED. RECOMMENDED.
There’s a reason LastPass is trusted by millions and featured in top publications like Forbes, PCMag, TechRadar, and ZDNet. We consistently lead the way in ease of use and customer support, earning top ratings on platforms like G2. When it comes to password managers, users and experts agree—LastPass delivers.

DOWNLOAD LASTPASS TODAY
Start using the smarter, safer way to manage your passwords and passkeys.

Terms of Service: https://www.lastpass.com/legal-center/terms-of-service/

Tags

Productivity/workflow, password

Privacy Practices

Not being sold to third parties, outside of the approved use cases
Not being used or transferred for purposes that are unrelated to the item's core functionality
Not being used or transferred to determine creditworthiness or for lending purposes

Security Analysis — Lastpass Free Password Ma

Analyzed v4.151.4 · Mar 7, 2026 · 70 JS files · 34590 KB scanned

Permissions

scripting, tabs, notifications, contextMenus, storage, unlimitedStorage, webNavigation, webRequest, webRequestAuthProvider, offscreen, alarms, privacy, clipboardWrite, http://*/*, https://*/*

Code Patterns Detected

Function constructor used — dynamic code execution
Loads external scripts in service worker
Alternative to eval (execScript)
innerHTML assignment — potential XSS vector
String.fromCharCode (obfuscation)
charCodeAt (obfuscation)
unescape (deprecated obfuscation)
Makes XHR requests
Uses Fetch API
Sends data via Beacon API
Creates script elements dynamically
Reads browser storage
Writes to browser storage
Removes from browser storage
Writes to clipboard
Runs on ALL websites
Broad host permissions
Potential hardcoded secret
Cryptographic operations
Creates iframe elements
Uses postMessage for cross-origin comms
Sets up event listeners

External Connections

www.w3.org, link.lastpass.com, lastpass.com, github.com, momentjs.com, www.googleapis.com, www.lastpass.com, accounts.lastpass.com, content.googleapis.com, udemy.com, no-such-site.com, schemas.xmlsoap.org, +8 more

Package Contents 604 files · 56.9MB

Here is the comprehensive security report in JSON format:

```json
{
"summary": "LastPass is a password manager that securely stores and autofills login credentials, generating strong passwords and offering multi-factor authentication. It's designed for individuals and businesses to manage their online identities safely.",

"permissions": [
{
"name": "scripting",
"user_explanation": "This permission allows the extension to run scripts on web pages, which is necessary for LastPass to autofill login credentials.",
"technical_note": "The scripting permission grants access to Chrome's content script injection APIs, enabling the extension to execute JavaScript code in the context of web pages. This introduces a potential attack surface if compromised.",
"aligned": true,
"concern": false
},
{
"name": "tabs",
"user_explanation": "This permission allows LastPass to access and interact with open tabs, which is necessary for autofill functionality.",
"technical_note": "The tabs permission grants access to Chrome's tab management APIs, enabling the extension to read and modify tab state. This introduces a potential attack surface if compromised.",
"aligned": true,
"concern": false
},
{
"name": "notifications",
"user_explanation": "This permission allows LastPass to display notifications to the user, which is necessary for alerts and prompts.",
"technical_note": "The notifications permission grants access to Chrome's notification system APIs, enabling the extension to display notifications. This introduces a potential attack surface if compromised.",
"aligned": true,
"concern": false
},
{
"name": "storage",
"user_explanation": "This permission allows LastPass to store and retrieve data locally on the user's device, which is necessary for password storage and autofill functionality.",
"technical_note": "The storage permission grants access to Chrome's local storage APIs, enabling the extension to read and write data. This introduces a potential attack surface if compromised.",
"aligned": true,
"concern": false
},
{
"name": "unlimitedStorage",
"user_explanation": "This permission allows LastPass to store an unlimited amount of data locally on the user's device, which is necessary for large-scale password storage and autofill functionality.",
"technical_note": "The unlimitedStorage permission grants access to Chrome's local storage APIs with no quota restrictions. This introduces a significant potential attack surface if compromised.",
"aligned": true,
"concern": true
},
{
"name": "webNavigation",
"user_explanation": "This permission allows LastPass to intercept and modify web page navigation, which is necessary for autofill functionality.",
"technical_note": "The webNavigation permission grants access to Chrome's web navigation APIs, enabling the extension to observe and modify web page requests. This introduces a potential attack surface if compromised.",
"aligned": true,
"concern": false
},
{
"name": "webRequest",
"user_explanation": "This permission allows LastPass to intercept and modify web page requests, which is necessary for autofill functionality.",
"technical_note": "The webRequest permission grants access to Chrome's web request APIs, enabling the extension to observe and modify web page requests. This introduces a significant potential attack surface if compromised.",
"aligned": true,
"concern": true
},
{
"name": "webRequestAuthProvider",
"user_explanation": "This permission allows LastPass to authenticate with web servers, which is necessary for autofill functionality.",
"technical_note": "The webRequestAuthProvider permission grants access to Chrome's web request authentication APIs, enabling the extension to authenticate with web servers. This introduces a potential attack surface if compromised.",
"aligned": true,
"concern": false
},
{
"name": "offscreen",
"user_explanation": "This permission allows LastPass to run in the background even when the browser is closed, which is necessary for password storage and autofill functionality.",
"technical_note": "The offscreen permission grants access to Chrome's background script APIs, enabling the extension to run in the background. This introduces a potential attack surface if compromised.",
"aligned": true,
"concern": false
},
{
"name": "alarms",
"user_explanation": "This permission allows LastPass to schedule and execute tasks at specific times, which is necessary for password storage and autofill functionality.",
"technical_note": "The alarms permission grants access to Chrome's alarm APIs, enabling the extension to schedule and execute tasks. This introduces a potential attack surface if compromised.",
"aligned": true,
"concern": false
},
{
"name": "privacy",
"user_explanation": "This permission allows LastPass to access sensitive user data, which is necessary for password storage and autofill functionality.",
"technical_note": "The privacy permission grants access to Chrome's private browsing APIs, enabling the extension to access sensitive user data. This introduces a significant potential attack surface if compromised.",
"aligned": true,
"concern": true
},
{
"name": "clipboardWrite",
"user_explanation": "This permission allows LastPass to write data to the clipboard, which is necessary for autofill functionality.",
"technical_note": "The clipboardWrite permission grants access to Chrome's clipboard APIs, enabling the extension to write data. This introduces a potential attack surface if compromised.",
"aligned": true,
"concern": false
},
{
"name": "http://*/*",
"user_explanation": "This permission allows LastPass to make HTTP requests to any domain, which is necessary for password storage and autofill functionality.",
"technical_note": "The http://*/* permission grants access to Chrome's web request APIs with no host restrictions. This introduces a significant potential attack surface if compromised.",
"aligned": true,
"concern": true
},
{
"name": "https://*/*",
"user_explanation": "This permission allows LastPass to make HTTPS requests to any domain, which is necessary for password storage and autofill functionality.",
"technical_note": "The https://*/* permission grants access to Chrome's web request APIs with no host restrictions. This introduces a significant potential attack surface if compromised.",
"aligned": true,
"concern": true
}
],

"data_exposure": {
"summary": "LastPass stores and retrieves user data locally on the device, including passwords, credit cards, and other sensitive information. It also sends data to its servers via HTTPS requests.",
"technical": "The extension contacts various domains, including www.w3.org, link.lastpass.com, lastpass.com, github.com, momentjs.com, www.googleapis.com, etc., using protocols such as HTTP, HTTPS, and WebSocket. It stores data in local storage and sends it to its servers via HTTPS requests."
},

"findings": [
{
"title": "Dynamic Code Execution",
"severity": "high",
"user_explanation": "The extension uses the Function constructor to execute dynamic code, which can be used for malicious purposes.",
"technical_detail": "The extension uses the Function constructor in various JavaScript files (e.g., background.js) to execute dynamic code. This introduces a potential attack surface if compromised.",
"legitimate_use": "Legitimate extensions may use dynamic code execution for legitimate purposes, such as loading external scripts or executing user-provided code.",
"concern": true
},
{
"title": "Alternative to eval",
"severity": "high",
"user_explanation": "The extension uses the execScript method instead of eval, which can be used for malicious purposes.",
"technical_detail": "The extension uses the execScript method in various JavaScript files (e.g., background.js) as an alternative to eval. This introduces a potential attack surface if compromised.",
"legitimate_use": "Legitimate extensions may use execScript instead of eval for legitimate purposes, such as loading external scripts or executing user-provided code.",
"concern": true
},
{
"title": "innerHTML Assignment",
"severity": "medium",
"user_explanation": "The extension uses innerHTML assignment to inject HTML content into web pages, which can be used for malicious purposes.",
"technical_detail": "The extension uses innerHTML assignment in various JavaScript files (e.g., content.js) to inject HTML content into web pages. This introduces a potential XSS vector if compromised.",
"legitimate_use": "Legitimate extensions may use innerHTML assignment for legitimate purposes, such as injecting HTML content or modifying web page layout.",
"concern": true
},
{
"title": "String.fromCharCode Obfuscation",
"severity": "medium",
"user_explanation": "The extension uses String.fromCharCode to obfuscate code, which can be used for malicious purposes.",
"technical_detail": "The extension uses String.fromCharCode in various JavaScript files (e.g., background.js) to obfuscate code. This introduces a potential attack surface if compromised.",
"legitimate_use": "Legitimate extensions may use String.fromCharCode for legitimate purposes, such as encoding or decoding data.",
"concern": true
},
{
"title": "XHR Requests",
"severity": "info",
"user_explanation": "The extension makes XHR requests to its servers, which is necessary for password storage and autofill functionality.",
"technical_detail": "The extension uses the XMLHttpRequest object in various JavaScript files (e.g., background.js) to make XHR requests to its servers. This introduces a potential attack surface if compromised.",
"legitimate_use": "Legitimate extensions may use XHR requests for legitimate purposes, such as communicating with their servers or loading external data.",
"concern": false
},
{
"title": "Fetch API",
"severity": "info",
"user_explanation": "The extension uses the Fetch API to make HTTP requests to its servers, which is necessary for password storage and autofill functionality.",
"technical_detail": "The extension uses the Fetch API in various JavaScript files (e.g., background.js) to make HTTP requests to its servers. This introduces a potential attack surface if compromised.",
"legitimate_use": "Legitimate extensions may use the Fetch API for legitimate purposes, such as communicating with their servers or loading external data.",
"concern": false
},
{
"title": "Beacon API",
"severity": "medium",
"user_explanation": "The extension uses the Beacon API to send data to its servers, which is necessary for password storage and autofill functionality.",
"technical_detail": "The extension uses the Beacon API in various JavaScript files (e.g., background.js) to send data to its servers. This introduces a potential attack surface if compromised.",
"legitimate_use": "Legitimate extensions may use the Beacon API for legitimate purposes, such as sending analytics data or user feedback.",
"concern": true
},
{
"title": "Background Script",
"severity": "high",
"user_explanation": "The extension runs in the background even when the browser is closed, which can be used for malicious purposes.",
"technical_detail": "The extension uses the offscreen permission to run in the background even when the browser is closed. This introduces a significant potential attack surface if compromised.",
"legitimate_use": "Legitimate extensions may use background scripts for legitimate purposes, such as running tasks or communicating with their servers.",
"concern": true
},
{
"title": "Local Storage",
"severity": "high",
"user_explanation": "The extension stores and retrieves data locally on the device, which can be used for malicious purposes.",
"technical_detail": "The extension uses the storage permission to store and retrieve data locally on the device. This introduces a significant potential attack surface if compromised.",
"legitimate_use": "Legitimate extensions may use local storage for legitimate purposes, such as storing user preferences or caching data.",
"concern": true
}
],

"conclusion": "The LastPass extension has several security concerns that need to be addressed. The dynamic code execution, alternative to eval, innerHTML assignment, String.fromCharCode obfuscation, XHR requests, Fetch API, Beacon API, background script, and local storage all introduce potential attack surfaces if compromised. However, the extension also uses legitimate features such as password storage, autofill functionality, and communication with its servers for legitimate purposes."
}