Keeper Password Manager Browser Extension
Google Project Zero researcher Tavis Ormandy discovered a vulnerability in the Keeper password manager browser extension that is installed by default on Windows 10 and in tandem with the Keeper desktop application. This vulnerability, if exploited, can allow remote threat actors to steal passwords stored by the extension if a victim visits a specially-crafted malicious website. The NJCCIC recommends Keeper users read the Keeper blog post titled Update for Keeper Browser Extension 11.4.4 and ensure that their browser extensions are updated to the latest version. Edge, Chrome, and Firefox users should receive the update automatically; however, Safari browser users will need to apply the update manually by visiting Keeper’s download page.