Attackers could lure users on malicious pages and exploit the vulnerability to extract the credentials users had entered on previously-visited sites. According to Ormandy, this isn’t as hard as it sounds, as an attacker could easily disguise a malicious link behind a Google Translate URL, trick users into visiting the link, and then extract credentials from a previously visited site.
Source: LastPass bug leaks credentials from previous site | ZDNet