Given that companies can’t possibly make everything themselves, it isn’t surprising to see that sometimes companies bundle third-party apps/software with their releases to help bolster its appeal. Unfortunately this also means having to trust that these third-party apps do not come with issues of their own, which was not the case with some versions of Windows 10.
In a recent blog post by Google Project Zero researcher Tavis Ormandy, he discovered that some versions of Windows 10 came bundled with password manager Keeper, which also unintentionally came bundled with a critical flaw of its own that should it have been exploited, would have allowed malicious websites to steal the passwords that it stores on behalf of users.
However the good news is that according to ArsTechnica, the flaw was fixed within 24 hours after Ormandy had reached out to them privately to disclose it, and that users with the Keeper browser plugin had been updated to version 11.4.4 that should address the issue. A Microsoft representative also issued a statement that said, “We are aware of the report about this third-party app, and the developer is providing updates to protect customers.”
According to Keeper, thankfully it seems that none of their users were adversely affected by the flaw, but it does raise the question of how such a glaring issue made it past Microsoft in the first place for them to allow the third-party app to be bundled alongside Windows 10.