As a google customer I was going to be very upset with Google, BUT it is okay for now
"Full report sent to LastPass, they're working on it now. Yes, it's a complete remote compromise. Yes, I promise I'll look at 1Password."
Okay good, I was going to say that I didn't appreciate Google paying people to make life difficult for myself and other Google customers.
But he's sending the report to LastPass first.
Hopefully he realizes that even a small company like LastPass can take a couple of months to create and test a fix up to the level where it is ready for production release.
People who make their living writing code know, rushing out fixes to commercial software in a blind panic can open more holes than it closes.
Google needs to remember that we customers don't only use Google products, we use other products to. And making Google customer lives miserable would affect Google's business model and profits.
However, doing a service like this, where the report is sent to the product vendor and the product vendor is given sufficient time to design, write, test, re-write, re-test, beta test and release a well thought out fix, that is actually Google doing something good for us customers.