Lastpass Free Password Ma
🔍 Security Report Available View on Chrome Web StoreChrome will indicate if you already have this installed.
Overview
LastPass is the easiest way to manage passwords—wherever you browse.
Tired of forgetting passwords or resetting them constantly? Meet LastPass, the trusted password manager—used by millions of people and thousands of businesses—to keep passwords and other account info safe, secure, and always within reach.
With LastPass, you only need to remember one master password. We’ll handle the rest—autofilling logins, generating secure passwords, and syncing across all your devices. Whether you're browsing on Chrome or logging into your favorite website, LastPass makes it effortless.
WHY MILLIONS TRUST LASTPASS
🔐 Secure Password Vault: Store all your passwords, passphrases, passkeys, usernames, and payment methods in one encrypted place.
⚡ Autofill Made Easy: Instantly fill in login credentials on websites and in apps—no typing required.
🧠 One Master Password: Just remember one password—LastPass remembers the rest.
📝 More Than Passwords: Securely store credit cards, insurance info, social security numbers, and private notes.
🤝 Share Securely: Share passwords safely with family, friends, or coworkers.
🔒 Built-In Password Generator: Create strong, unique passwords and passphrases in a single tap.
🛡️ Multi-Factor Authentication (MFA): Add an extra layer of protection to your password app.
GO PREMIUM FOR MORE POWER
Try LastPass Premium free for 30 days and unlock:
📱 Unlimited device access across all platforms
🌐 Access on Edge, Firefox, and other browser extensions
🔗 Unlimited sharing of passwords and notes
☁️ 1GB of encrypted file storage
🛡️ Advanced MFA options like YubiKey
🚨 Emergency access for trusted contacts
💬 Priority customer support
BUILT FOR SECURITY
Your data is encrypted with bank-grade AES-256 encryption—only you can unlock your vault. Even we can’t access it.
RECOGNIZED. RESPECTED. RECOMMENDED.
There’s a reason LastPass is trusted by millions and featured in top publications like Forbes, PCMag, TechRadar, and ZDNet. We consistently lead the way in ease of use and customer support, earning top ratings on platforms like G2. When it comes to password managers, users and experts agree—LastPass delivers.
DOWNLOAD LASTPASS TODAY
Start using the smarter, safer way to manage your passwords and passkeys.
Terms of Service: https://www.lastpass.com/legal-center/terms-of-service/
Tags
Privacy Practices
✓
Not being sold to third parties, outside of the approved use cases
✓
Not being used or transferred for purposes that are unrelated to the item's core functionality
✓
Not being used or transferred to determine creditworthiness or for lending purposes
✅ Version v4.151.4 was recently scanned.
Security Analysis — Lastpass Free Password Ma
Permissions
Code Patterns Detected
External Connections
Package Contents 604 files · 56.9MB
▾_locales1KB
▾de
messages.json144B
▾en
messages.json179B
▾es
messages.json151B
▾fr
messages.json135B
▾it
messages.json151B
▾nl
messages.json143B
▾pt_BR
messages.json148B
▾_metadata85KB
verified_contents.json85KB
▾images299KB
▾iconset29KB
18x18_Breach.png531B
18x18_Gray.png400B
18x18_Green.png380B
18x18_Red.png371B
18x18_Yellow.png375B
19x19_Breach.png616B
19x19_Breach_2x.png1KB
19x19_Gray.png479B
19x19_Gray_2x.png860B
19x19_Green.png471B
19x19_Green_2x.png848B
19x19_Red.png473B
19x19_Red_2x.png840B
19x19_Yellow.png450B
19x19_Yellow_2x.png809B
▾iconset313KB
18x18_Breach.png669B
18x18_Gray.png504B
18x18_Green.png541B
18x18_Red.png541B
18x18_Yellow.png620B
19x19_Breach.png694B
19x19_Breach_2x.png2KB
19x19_Gray.png548B
19x19_Gray_2x.png1KB
19x19_Green.png567B
19x19_Green_2x.png1KB
19x19_Red.png567B
19x19_Red_2x.png1KB
19x19_Yellow.png651B
19x19_Yellow_2x.png2KB
▾iconset415KB
18x18_Breach.png736B
18x18_Gray.png536B
18x18_Green.png615B
18x18_Red.png619B
18x18_Yellow.png633B
19x19_Breach.png806B
19x19_Breach_2x.png2KB
19x19_Gray.png569B
19x19_Gray_2x.png1KB
19x19_Green.png671B
19x19_Green_2x.png2KB
19x19_Red.png671B
19x19_Red_2x.png2KB
19x19_Yellow.png647B
19x19_Yellow_2x.png2KB
▾iconset510KB
18x18_Breach.png582B
18x18_Gray.png430B
18x18_Green.png435B
18x18_Red.png428B
18x18_Yellow.png438B
19x19_Breach.png644B
19x19_Breach_2x.png1KB
19x19_Gray.png508B
19x19_Gray_2x.png903B
19x19_Green.png540B
19x19_Green_2x.png922B
19x19_Red.png509B
19x19_Red_2x.png923B
19x19_Yellow.png508B
19x19_Yellow_2x.png916B
▾safari-icons199KB
icon-128.png13KB
icon-256.png42KB
icon-48.png3KB
icon-512.png128KB
icon-64.png4KB
icon-96.png8KB
icon-128.png3KB
icon-256.png6KB
icon-48.png1KB
icon-512.png14KB
icon-64.png2KB
icon-96.png4KB
toolbar-alt-icon-16.png1KB
toolbar-alt-icon-19.png1KB
toolbar-alt-icon-32.png2KB
toolbar-alt-icon-38.png2KB
toolbar-alt-icon-48.png3KB
toolbar-alt-icon-72.png3KB
toolbar-icon-16.png1KB
toolbar-icon-19.png1KB
toolbar-icon-32.png2KB
toolbar-icon-38.png2KB
toolbar-icon-48.png2KB
toolbar-icon-72.png3KB
▾static36.7MB
▾css74KB
146.4d397f48.css55KB
54.b1b5a484.chunk.css7KB
extensionToolbar.12407cec.css4KB
extensionToolbarMobile.12407cec.css4KB
login.12407cec.css4KB
preferences.7af91b54.css694B
▾js14MB
208.208.js551KBlarge
208.208.js.LICENSE.txt1KB
216.vendors.js1.3MBlarge
216.vendors.js.LICENSE.txt3KB
228.zxcvbnCommonPackage.chunk.js394KBlarge
285.extensionToolbar.js659KBlarge
297.infield.js60KBlarge
359.vendors-redux.js30KB
363.fillConfirmation.js7KB
366.passkeyUserVerification.js5KB
381.zxcvbnFrPackage.chunk.js635KBlarge
393.zxcvbnItPackage.chunk.js631KBlarge
401.vendors-emotion.js49KB
443.about.js3KB
484.vendors-lingui.js7KB
508.zxcvbnNlBePackage.chunk.js419KBlarge
513.packages.js1.1MBlarge
535.login.js32KB
54.54.chunk.js363KBlarge
544.preferences.js193KBlarge
619.619.js112KBlarge
627.627.js21KB
655.passwordReprompt.js3KB
666.runtime.js5KB
67.67.chunk.js226KBlarge
673.0dbb249c.chunk.js186KBlarge
673.0dbb249c.chunk.js.LICENSE.txt233B
673.673.chunk.js186KBlarge
673.673.chunk.js.LICENSE.txt233B
68.vendors-chakra.js346KBlarge
71.zxcvbnEsEsPackage.chunk.js766KBlarge
753.clipboardPermission.js6KB
815.extensionToolbarMobile.js56KBlarge
844.tabPrompt.js494KBlarge
889.zxcvbnPtBrPackage.chunk.js511KBlarge
893.pbkdf2-ie11.chunk.js89B
896.vendors-react.js138KBlarge
896.vendors-react.js.LICENSE.txt971B
899.zxcvbnDePackage.chunk.js822KBlarge
916.core-frontend.js1.9MBlarge
922.edit.js41KB
923.zxcvbn.chunk.js799KBlarge
95.zxcvbnEnPackage.chunk.js1.2MBlarge
951.extensionPendo.js4KB
956.pbkdf2-ie-legacy.chunk.js6KB
pbkdf2-ie-legacy.bbdd2a9b.chunk.js6KB
pbkdf2-ie11.a3ef7173.chunk.js87B
▾media22.6MB
Address.b9ecf2a9.svg902B
AmericanExpress.2f723b4c.svg3KB
BankAccount.0e24e1c5.svg498B
Close.93bb8f8c.svg479B
CloudApp.42f77c9b.svg993B
Copy.02c6a813.svg278B
Database.ace68520.svg1KB
Discover.9cd76487.svg65KB
DriversLicense.d712e224.svg2KB
Email.f3988a8e.svg537B
HealthInsurance.546e9ad1.svg793B
InstantMessenger.c8067310.svg529B
Insurance.1f94139e.svg1KB
LastPass-Logo-Color.f2f89a4b.svg6KB
LastPass.dc936eef.svg452B
Loading.54df61e2d9857727ec80.gif12KB
Login.f669a683.svg785B
Maestro.66bb81e2.svg853B
Mastercard.26eb0f20.svg826B
Membership.4e6ce1c6.svg897B
Note.41c8fbbf.svg712B
PasskeyIconBadge.e70969f7.svg952B
PasskeyIllustration.d10ed81a.svg20KB
Passport.6474c7a7.svg2KB
Password.855534f7.svg432B
Payment-card.2779748d.svg696B
Refresh.a8fba1a0.svg824B
Search.ef41fae39ef89a4e1768.png15KB
Search_Close.b1453b4b4897fdaf02aa.png14KB
Server.b912aec0.svg1KB
SocialSecurity.f21d789d.svg725B
SoftwareLicense.fde7e85d.svg637B
Visa.22519221.svg34KB
Warning-Icon.4c7e0866.svg644B
Wifi.3e8b255f.svg1KB
account-manager-dashboard.5c106c5e.svg3KB
add-icon.1131b27a.svg252B
add-record.119c1ff2.svg416B
add.c41f54de.svg365B
add10_completed.bb7c9cf2.svg2KB
add10_default.fd64f676.svg2KB
add3_completed.3e715ecb.svg2KB
add3_default.bc400fe3.svg2KB
addFormFieldDialog.6abc4c33.html755B
addTotpDialog.1284bfa2.html558B
add_address_completed.b1a3163a.svg2KB
add_address_default.6a716cb1.svg2KB
add_address_illustration.77d60356.svg24KB
add_note_completed.02f09d27.svg2KB
add_note_default.f21f2ca9.svg2KB
add_payment_card_completed.2f23e4a4.svg2KB
add_payment_card_default.aeaf5dcf.svg2KB
add_payment_card_illustration.4d5918c2.svg23KB
add_white.3abb1ed8.svg177B
alert-circle.c3179b05.svg535B
alert.5044bb78.svg380B
alert.bb58f3b6.svg3KB
alertDialog.03ae5416.html27B
amazon-icon.f42b5f90.svg162KB
app_store.7643e964.svg6KB
arrow-back.90746688.svg315B
arrow-right.785a4966.svg262B
arrow_left.5e51e176.svg420B
authlogo-ms.5a6c4b6a.svg92KB
authlogo-secureauth@2x.30e18509c48bd06e4d69.png11KB
auto-fill-magic.59347e13.svg12KB
autofill-magic.d23840e9.svg12KB
back-icon.440a629f.svg308B
bin.460b6048.svg656B
blocked-page.df9201e1.svg5KB
business_onboarding.38c71ffe.svg905B
business_skill_icon_completed.a20de285.svg779B
check-mark-green.34c3b59a.svg216B
check.c4fd7685.svg372B
check_green.cd6171f9.svg386B
check_small.a3b10d90.svg276B
checkmark.2daa2e72.svg319B
chevron-down.a91aef84.svg286B
chevron-right.09494dfc.svg275B
chevron-right.5b04b232.svg392B
chevron_left.8b9bb2df.svg488B
chrome_settings.25079344.svg331B
chrome_settings_passwords.2a723228.svg6KB
chrome_toolbar_settings.6c327caf.svg7KB
close.c1889d61.svg317B
close.d3308966.svg318B
close_modal.1435e175.svg406B
cloud-apps-folder.20157126.svg777B
company.49beef36.svg4KB
confirm-federated-migration.a38e51bd.svg7KB
confirmation-error-icon.3f46d735.svg467B
confirmationDialog.ad60ee5c.html34B
contact.59da94fe.svg809B
copy-duplicate-icon.444701e0.svg378B
copy-duplicate-icon.f0b94046.svg289B
copy.47f3d654.svg389B
curved_arrow_long_new.782e2f02.svg6KB
dark_web_monitoring_completed.30cad70e.svg3KB
dark_web_monitoring_default.e625baac.svg4KB
de_DE.0051a77eb8dace4bf475.json2.9MB
disable_browser_password_manager_completed.dc371bbc.svg2KB
disable_browser_password_manager_default.2e7af729.svg2KB
download.d309b625.svg582B
download_mobile_app_completed.92b9189f.svg1KB
download_mobile_app_default.b3bb0e55.svg2KB
drawer_close_icon.5f716e80.svg551B
dropbox_icon.bfcb901b.svg555B
edit-pencil.524d820c.svg740B
emergency.73f7b261.svg5KB
emergency_access_completed.32bbec43.svg4KB
emergency_access_default.02c75f53.svg4KB
emergency_access_illustration.8a3aace8.svg5KB
empty-chart.65dd9a22.svg825B
empty-state-edit-record.a35e8f5b.svg5KB
en_US.04a67f013e83ff96f4f1.json2.7MB
enterprise-widget-background.9a66af25.svg14KB
error.9e9dfc2c.svg3KB
es_ES.80a506c563ddca02c993.json2.9MB
exclamation-icon.880abe0d.svg283B
expand-right.7743eb1a.svg429B
external-link-icon.e47f1f6f.svg603B
facebook-icon.ba179cc5.svg560B
facebook_icon.f9909774.svg270B
families.ab38b7cb.svg4KB
families_completed.f1ea2a00.svg3KB
families_default.b91315c6.svg3KB
favourite-empty-state.bee53251.svg7KB
feature-dwm-icon.afa1de34.svg2KB
feature-multi-device-mobile-icon.55e156ae.svg693B
feature-multi-device-pc-icon.ba878197.svg1KB
feature-share-icon.cb5f46d8.svg1KB
fieldHistoryDialog.5daf3b78.html553B
filled-star.ea23670c.svg469B
folder.85a35900.svg316B
fr_FR.2d07815b1ab6774a1ebf.json2.9MB
gear-icon.dfe20100.svg987B
generate_password.957d9a90.svg820B
generate_password_completed.c836cc44.svg4KB
generate_password_default.6603d688.svg4KB
gmail_icon.fc5eded4.svg783B
google-icon.f05cea7b.svg898B
hide.5f3b3479.svg636B
home-icon.5bcc1ea6.svg736B
how_to_move_to_folder.a99ae193.svg331KB
icon-25-percent.c9f13c54.svg20KB
icon-30-percent.50ea4dff.svg19KB
icon-account.4880353f.svg261B
icon-add.cb36d116.svg413B
icon-address.aaa1b8bb.svg843B
icon-advanced-feature.be163ab0.svg1011B
icon-alert-white.54030817.svg280B
icon-alert.bb58f3b6.svg3KB
icon-angle-down.43e578eb.svg275B
icon-arrow-left.d91906c5.svg291B
icon-back.2c0ee774.svg156B
icon-bank-account.aa870f46.svg275B
icon-bin-yellow.3bd67dff.svg734B
icon-blue-info.087d83b7.svg420B
icon-breach-alert.1c85bb50.svg6KB
icon-breached-password-alert.91acf334.svg1KB
icon-bug.74e5f98a.svg491B
icon-calendar.89ea31d3.svg1KB
icon-check-circle.758af179.svg200B
icon-check.011cafc7.svg402B
icon-chevron-down.81c4a2c4.svg280B
icon-chevron-down.b963d0a4.svg395B
icon-chevron-left.42abb45d.svg282B
icon-chevron-up.ab5d4311.svg488B
icon-chevron-up.bec7239f.svg277B
icon-close-small.b2abe3a8.svg335B
icon-close.2623746f.svg375B
icon-close.538e9649.svg493B
icon-close.892cdeee.svg288B
icon-close.a7a1a9d3.svg374B
icon-close.b1c724c1.svg318B
icon-close.d582d891.svg202B
icon-close2.437e2780.svg344B
icon-copy-to-clipboard.c55abfd7.svg974B
icon-crossed-password-eye.ffd7c1bb.svg629B
icon-custom.0e2f058c.svg853B
icon-dark-web-alert.d4f648bb.svg2KB
icon-database.da1a2e74.svg1KB
icon-delete.4a3c6449.svg625B
icon-dont-send-alerts-yellow.9c61efbb.svg476B
icon-dont-send-alerts.400f35a9.svg429B
icon-drag-and-drop.08a8c531.svg131B
icon-drivers-license.fddbca62.svg1KB
icon-email-account.a5b7a916.svg659B
icon-emergency-access.b3418e60.svg1KB
icon-error-dialog.bbe63bcd.svg451B
icon-error.397a3dea.svg415B
icon-exclude-yellow.c52c1004.svg687B
icon-external-link.431f1b4d.svg578B
icon-external-link.da1e2ee6.svg732B
icon-external-link.fa217a1a.svg398B
icon-eye-hide.ae8f5759.svg974B
icon-eye-hide.c82fc488.svg780B
icon-eye-hide.e82d78f5.svg794B
icon-eye-show.834bb754.svg459B
icon-eye-show.b79b90b3.svg461B
icon-eye-show.cf870e9f.svg544B
icon-generate-password.902cbda5.svg977B
icon-generic-error.3e89973a.svg6KB
icon-green-check.c0a23693.svg2KB
icon-health-insurance.6902a9c1.svg975B
icon-help.2759307f.svg315B
icon-help.2b2e17f3.svg420B
icon-indeterminate.8c8e51d0.svg168B
icon-info.10ac782c.svg699B
icon-info.7c59f5b4.svg420B
icon-info.b31d7ae1.svg420B
icon-information.6943459b.svg2KB
icon-instant-messenger.a3f153c7.svg468B
icon-insurance-policy.956aebb4.svg785B
icon-launch-site.7961c680.svg303B
icon-login-security.3680153c.svg982B
icon-logo.f9ec3fab.svg423B
icon-lp.5359697d.svg591B
icon-master-password-alert.1c1d38c2.svg387B
icon-meatballs.b854fdbc.svg293B
icon-membership.d49bb194.svg903B
icon-more-locks.b87cad8e.svg7KB
icon-new-three-dots-button.a6f5c01f.svg265B
icon-notification-close-green.f20dc033.svg237B
icon-notification-close-red.a03de6d0.svg237B
icon-notification.7556635c.svg2KB
icon-offline.db3f38b9.svg7KB
icon-one-lock.f09dcdea.svg3KB
icon-passport.9f342cfc.svg1KB
icon-password-eye.72fb8aa2.svg322B
icon-password-keys.1b3c4229.svg941B
icon-password.855534f7.svg432B
icon-pause.ff4ee87c.svg380B
icon-payment-card.be69054a.svg531B
icon-premium-diamond.35c9d999.svg532B
icon-question.69bbb23f.svg444B
icon-red-warning-sign.65446f7a.svg470B
icon-red-warning.035a059a.svg360B
icon-reused-password.eef05c1d.svg6KB
icon-round-one.5134fd3d.svg223B
icon-round-three.a50608dd.svg632B
icon-round-two.962ba6ae.svg441B
icon-secure-note.1c5b9bde.svg754B
icon-security.78412fc5.svg662B
icon-security.b70f464a.svg438B
icon-send-alerts.a78f1ab7.svg2KB
icon-server.8353ae6a.svg1KB
icon-shared-folder.ac2271e9.svg1KB
icon-social-security-number.0dba9ff0.svg820B
icon-software-license.29a54d59.svg608B
icon-ssh-key.68ec6e93.svg2KB
icon-ssh-key.a83908db.svg13KB
icon-success.84add1cb.svg299B
icon-thumbs-up.524d4d55.svg3KB
icon-trash.dc350f2c.svg766B
icon-unlimited-sharing.221ca15f.svg493B
icon-upload.0a25d566.svg964B
icon-vault.27bdbcca.svg1KB
icon-vault.e09d2658.svg1KB
icon-warning-big.a2030389.svg333B
icon-warning-dialog.05c56ced.svg449B
icon-warning-gold.704d0ebc.svg284B
icon-warning-triangle.3d18ed41.svg424B
icon-warning.1e9f34ae.svg445B
icon-warning.7cdda660.svg308B
icon-weak-password.8b7593c6.svg4KB
icon-wifi-password.5a71dae9.svg779B
import_completed.62ed35c2.svg1KB
import_default.4f26981a.svg2KB
infield-icon.3db1eb4c.svg626B
infield-item.87c0fb61.svg389B
infield_edit_pencil.2b5f1a6f.svg736B
info-icon.8d78ddf8.svg425B
install_extension_completed.0c16c07d.svg1KB
install_extension_default.f09c1749.svg1KB
interdit-background.ccd58568.svg490B
interdit.4e291d44.svg421B
ios-fill-icon.e0956405.svg1KB
it_IT.b892dc858641207705cc.json2.8MB
key.89eed89a.svg321B
keys.46ef14c6.svg940B
lastpass-mfa.51277936.svg1KB
launch-icon.dc31d6a5.svg763B
launch.00dc74cb.svg589B
link.d2d2bfb2.svg284B
linked-folder.35496fe7.svg895B
linkedin-icon.06af5a45.svg598B
linkedin_icon.5a4d14a1.svg775B
list-add.7dc1f0a4.svg821B
loader.cacedb7b.svg3KB
lock.f9347596.svg416B
login-keys.a5806bb4.svg897B
logo-authenticator.824faf30.svg14KB
lp-loading.5e08fe14a66f408cdc9d.gif785KB
lp-logo-horizontal.badf586a.svg6KB
lp.1f3d4c12.svg379B
magnifying-glass.0cd2bd38.svg289B
magnifying-glass.75f5f3b0.svg289B
mail.eebd9fa0.svg459B
monitor_your_digital_security.bf3237bb.svg303KB
monitor_your_digital_security_default.1a28e4b2.svg2KB
netflix_icon.ae6125d6.svg3KB
nl_NL.109c1592e27c8ce55740.json2.8MB
noteDialog.53501025.html3KB
novice_inactive.62ecf88e.svg3KB
old_generate_password.9c93ab23.svg1KB
old_infield.79b1d6a0.svg443B
outlook-icon.3a49d477.svg4KB
passkey-generic-error.2df22fd3.svg2KB
passkey-lock.c42e67ed.svg676B
passkey-login-illustration.b9c3a1c7.svg26KB
passkey-oops.386dc56c.svg5KB
passkey-vault.039f8fb0.svg2KB
password-health.9a5ebc3c.svg2KB
password-icon.8a4e2acd.svg1KB
passwordless-login.b6f48ab6.svg10KB
passwordless-logo-authn.a85f6483.svg11KB
payment-card.84e09101.svg501B
paypal_icon.3c0f98d6.svg1KB
pencil.2b5f1a6f.svg736B
pencil.ce3abe08.svg803B
pin_extension_default.2fd6cbb0.svg1KB
play_store.2b1132ea.svg6KB
plus.dc69fc23.svg364B
preferencesDialog.c3bf5551.html18KB
premium-diamond.2bd3bbb9.svg3KB
premium.3423b9d0.svg6KB
pro.ca7c5122.svg4KB
pro_active.caaffb9d.svg3KB
pro_inactive.db507f82.svg3KB
processing.5891fb4c.svg11KB
pt_BR.0bd22c629bb4e4602fb4.json2.8MB
qr_code.813ab0ff.svg6KB
recent-empty-state.0b693bb1.svg3KB
rectangle.bcd73e32.svg191B
red-logo-center-aligned.857fd1dc.svg7KB
red-logo-left-aligned.72a56bc6.svg7KB
refresh.0a6724fa.svg794B
remaining-switches.6ce430f2.svg839B
reward-claimed-check.5e152977.svg2KB
reward.5ac5d649.svg20KB
rookie.74bf32b4.svg3KB
rookie_active.1ffef084.svg2KB
rookie_inactive.f96d972b.svg3KB
save_password_completed.57148cac.svg2KB
save_password_default.74761bac.svg2KB
search-results-open-vault.1193d122.svg12KB
search-vault.fb88bfdb.svg11KB
search.482bfd36.svg294B
security-checkup-done.9b411faf.svg5KB
security_dashboard.1463ac9c.svg6KB
share.3f50b56f.svg4KB
share.d4cfbe08.svg407B
share_folder_completed.ff07fe98.svg3KB
share_folder_default.9034c997.svg3KB
share_password_completed.d58eac37.svg3KB
share_password_default.eb27120d.svg4KB
share_password_illustration.ded94410.svg14KB
shared-folder.e390addc.svg1KB
siteDialog.913f997a.html7KB
six-licences.87aa5dab.svg6KB
skilled.2364064b.svg4KB
skilled_active.03894091.svg3KB
skilled_inactive.e80e58ca.svg3KB
sshKey.e4fae062.svg2KB
star.ae05856d.svg724B
success.d786e4cb.svg7KB
switch-device-icon-blue-light.56322382.svg6KB
switch-device-icon-red-light.6eda4bbf.svg6KB
switch-device-icon-yellow-light.76d05919.svg6KB
switch-last.917602ba.svg12KB
tabs-chevron-left.a7ad7d85.svg277B
tabs-chevron-right.2e130edf.svg276B
toggle.92c9caeb.svg188B
toolbar-account-settings-icon.f06c44b4.svg890B
toolbar-clear-local-data-icon.17643a1b.svg944B
toolbar-export-icon.1a66f4b7.svg680B
toolbar-extension-settings-icon.bb0d5859.svg735B
toolbar-fix-problem-icon.200ee89b.svg2KB
toolbar-get-help-icon.feefcf53.svg385B
toolbar-lastpass-icon.9d80efc3.svg531B
toolbar-logout-everywhere-icon.8b812cb6.svg766B
toolbar-logout-icon.f62a9730.svg640B
toolbar-refresh-vault-icon.3820fb17.svg788B
toolbar-report-bug-icon.9f40aa33.svg1KB
toolbar-support-center-icon.feefcf53.svg385B
toolbar-user-icon.97d75958.svg276B
tooltip-dismiss.535b5fe1.svg287B
track-and-enforce.e37ee3fb.svg2KB
try_autofill_completed.01abca07.svg4KB
try_autofill_default.c2045183.svg5KB
try_families_loading.5b2e6c66.svg9KB
unlimited-shared-folders.fb48fc00.svg3KB
upgrade-banner-background.2e494278.svg6KB
upgradetier.98a1127c81f426c27ad9.png42KB
url-encryption-action-button-icon.89bd690a.svg717B
url-encryption-icon.b3e1a8f1.svg6KB
user-management.a21d69ee.svg3KB
user.797cdb9f.svg287B
vault-search.72cdc312.svg12KB
vault-with-items.7b3fa3da.svg11KB
vault.61c22790.svg8KB
vault.718ddd1b.svg1KB
vault_tour_completed.7cdd0a01.svg6KB
vault_tour_default.31627f5a.svg8KB
waiting.44eba62c.svg845B
warning.c3cdb75b.svg271B
x-icon.a43f77fe.svg195B
about-lp.html931B
background-redux-new.js9.9MBlarge
background-redux-new.js.LICENSE.txt3KB
background.html298B
clipboard-permission.html1015B
credentials-library.js32KB
credentials-library.js.LICENSE.txt225B
edit.html1KB
extension-pendo.html939B
federated-login-content-script.js737B
fill-comfirmation.html1012B
first-password-loggedin-detector.js1KB
inject-credentials.js253B
login.html1KB
manifest.json3KB
offscreen-zxcvbn.html715B
offscreen.html85B
offscreen.js891B
passkey-user-verification.html1019B
password-reprompt.html1012B
preferences.html1KB
redirect-web-vault.js44B
sha256.js6KB
sjcl.js11KB
vault-sync-document-start-safari.js74B
vault-sync-document-start.js70B
vault.html314B
web-client-content-script.js3.3MBlarge
web-client-content-script.js.LICENSE.txt3KB
web-client-credentials-messenger.js1KB
web-client-safari-okta-login-request.js279KBlarge
web-client-safari-okta-login-request.js.LICENSE.txt1KB
web-client-web-federated-login-document-start.js142KBlarge
web-client-web-federated-login-document-start.js.LICENSE.txt971B
webclient-extension-toolbar-mobile.html1KB
webclient-extension-toolbar.html1KB
webclient-infield.html1003B
webclient-tab-prompt.html1KB
zxcvbn-calculate-password-strength.js225B
zxcvbn-offscreen-overrides.js655B
zxcvbn-ts-language-common.js394KBlarge
zxcvbn-ts-language-de.js822KBlarge
zxcvbn-ts-language-en.js1.2MBlarge
zxcvbn-ts-language-es-es.js766KBlarge
zxcvbn-ts-language-fr.js634KBlarge
zxcvbn-ts-language-it.js631KBlarge
zxcvbn-ts-language-nl-be.js419KBlarge
zxcvbn-ts-language-pt-br.js511KBlarge
zxcvbn-ts.js22KB
zxcvbn-worker.js20KB
zxcvbn.js800KBlarge
What This Extension Does
LastPass is a password manager that securely stores and autofills login credentials, generating strong passwords and offering multi-factor authentication. It's designed for individuals and businesses to manage their online identities safely.
Permissions Explained
- scriptingexpected: This permission allows the extension to run scripts on web pages, which is necessary for LastPass to autofill login credentials.
Technical: The scripting permission grants access to Chrome's content script injection API, allowing the extension to inject JavaScript code into web pages. This can be used to execute arbitrary code on a webpage, potentially leading to XSS attacks if not properly sanitized. - tabsexpected: This permission allows the extension to access and interact with web pages in your browser tabs.
Technical: The tabs permission grants access to Chrome's tab management API, allowing the extension to create, update, and delete tabs. This can be used to manipulate user interactions or inject malicious content into tabs. - notificationsexpected: This permission allows the extension to display notifications in your browser.
Technical: The notifications permission grants access to Chrome's notification API, allowing the extension to display alerts and prompts to users. This can be used to manipulate user behavior or inject malicious content into notifications. - storageexpected: This permission allows the extension to store data locally on your device.
Technical: The storage permission grants access to Chrome's local storage API, allowing the extension to store and retrieve data from user profiles. This can be used to persist malicious data or inject malware into user devices. - unlimitedStoragecheck this: This permission allows the extension to store an unlimited amount of data locally on your device.
Technical: The unlimited storage permission grants access to Chrome's local storage API with no size limits, allowing the extension to store and retrieve large amounts of data from user profiles. This can be used to persist malicious data or inject malware into user devices. ⚠ 1 - webNavigationexpected: This permission allows the extension to observe and interact with web page navigation events.
Technical: The webNavigation permission grants access to Chrome's web navigation API, allowing the extension to observe and manipulate user interactions on web pages. This can be used to inject malicious content into web pages or track user behavior. - webRequestcheck this: This permission allows the extension to intercept and modify HTTP requests made by your browser.
Technical: The webRequest permission grants access to Chrome's web request API, allowing the extension to intercept and modify HTTP requests made by users. This can be used to inject malware into user devices or track user behavior. ⚠ 1 - webRequestAuthProvidercheck this: This permission allows the extension to authenticate web requests using a custom authentication provider.
Technical: The webRequestAuthProvider permission grants access to Chrome's web request API with custom authentication capabilities, allowing the extension to inject malicious content into user devices or track user behavior. ⚠ 1 - offscreencheck this: This permission allows the extension to run in the background even when your browser is closed.
Technical: The offscreen permission grants access to Chrome's background service worker API, allowing the extension to run in the background and perform tasks without user interaction. This can be used to inject malware into user devices or track user behavior. ⚠ 1 - alarmscheck this: This permission allows the extension to schedule periodic tasks in the background.
Technical: The alarms permission grants access to Chrome's background service worker API, allowing the extension to schedule periodic tasks without user interaction. This can be used to inject malware into user devices or track user behavior. ⚠ 1 - privacycheck this: This permission allows the extension to access and modify user data related to privacy settings.
Technical: The privacy permission grants access to Chrome's privacy API, allowing the extension to access and modify user data related to privacy settings. This can be used to inject malware into user devices or track user behavior. ⚠ 1 - clipboardWritecheck this: This permission allows the extension to write data to your clipboard.
Technical: The clipboardWrite permission grants access to Chrome's clipboard API, allowing the extension to inject malicious content into user devices or track user behavior. ⚠ 1 - http://*/*check this: This permission allows the extension to access all HTTP requests made by your browser.
Technical: The http://*/* permission grants access to Chrome's web request API with no protocol restrictions, allowing the extension to intercept and modify HTTP requests made by users. This can be used to inject malware into user devices or track user behavior. ⚠ 1 - https://*/*check this: This permission allows the extension to access all HTTPS requests made by your browser.
Technical: The https://*/* permission grants access to Chrome's web request API with no protocol restrictions, allowing the extension to intercept and modify HTTPS requests made by users. This can be used to inject malware into user devices or track user behavior. ⚠ 1
Your Data
LastPass stores data locally on your device, including login credentials, passwords, and other sensitive information. It also sends data to its servers for syncing purposes, using HTTPS encryption.
Technical Details
The extension contacts the following domains: www.w3.org, link.lastpass.com, lastpass.com, github.com, momentjs.com, www.googleapis.com, www.lastpass.com, accounts.lastpass.com, content.googleapis.com, udemy.com, no-such-site.com, schemas.xmlsoap.org. It uses HTTPS encryption for data transmission and stores sensitive information locally on your device using Chrome's local storage API.
Code Findings
Dynamic Code ExecutionHigh
The extension uses the Function constructor to execute dynamic code, which can be used to inject malicious content into user devices.
Technical: The extension uses the Function constructor to create new functions dynamically, allowing it to execute arbitrary code on web pages. This can be used to inject malware or track user behavior.
💡 This pattern is commonly used in legitimate extensions for dynamic scripting and functionality.
Alternative to evalHigh
The extension uses the execScript method as an alternative to eval, which can be used to inject malicious content into user devices.
Technical: The extension uses the execScript method to execute scripts dynamically, allowing it to inject malware or track user behavior. This is similar to using eval, but with some additional security features.
💡 This pattern is commonly used in legitimate extensions for dynamic scripting and functionality.
Potential XSS VectorMedium
The extension uses innerHTML assignment, which can be used to inject malicious content into user devices if not properly sanitized.
Technical: The extension uses innerHTML assignment to set the HTML content of elements dynamically. This can be used to inject malware or track user behavior if not properly sanitized.
💡 This pattern is commonly used in legitimate extensions for dynamic UI updates and functionality.
Cryptographic OperationsInfo
The extension performs cryptographic operations to encrypt and decrypt data, which is necessary for secure password management.
Technical: The extension uses cryptographic libraries to perform encryption and decryption of sensitive information. This is necessary for secure password management and syncing purposes.
💡 This pattern is commonly used in legitimate extensions for secure data storage and transmission.
Bottom Line
LastPass is a legitimate password manager that securely stores and autofills login credentials. However, it has some concerning permissions and code patterns that could potentially be used to inject malware or track user behavior if not properly sanitized. Users should exercise caution when installing and using this extension.
Similar Extensions
More in Productivity/workflow →
Do more in Google Chrome with Adobe Acrobat PDF tools. View, fill, comment, sign, and try convert and compress tools.
Block ads on YouTube and your favorite sites for free
Remove ads on YouTube and everywhere else you browse.