Ars Technica reports a serious architectural flaw has been discovered in the browser extension password manager LastPass. It may allow malicious websites to steal passwords or even execute malicious code. As the vulnerability was discovered by Google's Project Zero, little has been released about the exploit but the team has been given 3 months before details are released.
Personally, I prefer application-based management tools that exist without directly tying to the browser.