It’s only normal that software developers would patch up security holes in their apps. Unfortunately, there are rare times when such fixes actually break existing third-party features. That seems to be the case here when Google introduced a patch to the beta version of Chrome for Android which has effectively blocked LastPass from applying its autofill feature on web page forms.

The issue revolves around how both Chrome and LastPass on Android work. LastPass provides a service that will remember and automatically fill in passwords on websites, relieving users of the stress of having to remember and manage all those (hopefully strong) passwords. It’s like what built-in browser features do except LastPass works across different browsers and platforms. LastPass implements this functionality as a plugin for browser such as Firefox, Opera, and even Chrome on the desktop. Unfortunately, Chrome for Android doesn’t have provisions for plugins and addons, unlike Firefox for Android. What LastPass did, then, was to use a process called Javascript injection to get that same functionality to work.

The thing is, such a process is basically a “hack”, that is, it’s not a real solution. Even worse, it is, for all intents and purpose, a security exploit. If LastPass can use that door, then so could malicious software. Google can’t really be blamed for wanting to close that door, which it did in the latest beta of Chrome for Android version 37. It has disallowed injecting Javascript into the browser, which means LastPass can no longer auto-fill passwords and forms, leaving users with a broken workflow.

Neither can really be blamed in this unfortunate situation and Google can hardly be expected to reverse that critical security fix just for the sake of LastPass. The good news is that there is still some time left before Chrome beta becomes the next stable release and LastPass developers are trying to work with Google to see if a win-win solution can be found or if the patch can be reverted. In the meantime, LastPass users on Chrome should switch to the stable version 36 of the browser or some other Android web browser that supports plugins.

SOURCE: LastPass
VIA: Liliputing

  • John Hale

    Welp, start keeping a convenient pocketbook around for such sensitive info… Average smartphone users are starting to turn lazy and more lazy nowdays.