Google Project Zero has found a credential leaking vulnerability in the LastPass password manager. Google Project Zero is a team of highly talented security analysts with a brief to uncover zero-day vulnerabilities. If a vulnerability is found, Project Zero reports to the vendor concerned and starts a 90-day countdown for a fix to be issued before full public disclosure is made. LastPass is also in the security business, being one of the most popular password management solutions with more than 16 million users, including 58,000 businesses. Project Zero has just disclosed that a security vulnerability left some of those 16 million users exposed to the risk of credential compromise as, in an ironic twist, LastPass could leak the last password used to any website visited.