Popular password manager LastPass has fixed a serious flaw in its latest update that potentially allowed a malicious website to access the last used credentials entered by the browser extension. The clickjacking bug was discovered by Google Project Zero researcher Tavis Ormandy on August 30, part of the white-hat hack group devoted to finding bugs in software, reports ZDNet.