In a recent blog post by Google Project Zero researcher Tavis Ormandy, he discovered that some versions of Windows 10 came bundled with password manager Keeper, which also unintentionally came bundled with a critical flaw of its own that should it have been exploited, would have allowed malicious websites to steal the passwords that it stores on behalf of users.
However the good news is that according to ArsTechnica, the flaw was fixed within 24 hours after Ormandy had reached out to them privately to disclose it, and that users with the Keeper browser plugin had been updated to version 11.4.4 that should address the issue. A Microsoft representative also issued a statement that said, “We are aware of the report about this third-party app, and the developer is providing updates to protect customers.”
According to Keeper, thankfully it seems that none of their users were adversely affected by the flaw, but it does raise the question of how such a glaring issue made it past Microsoft in the first place for them to allow the third-party app to be bundled alongside Windows 10.