"Web-based" is the critical point here, but still

“Severe” password manager attacks steal digital keys and data en masse | Ars Technica

"The researchers examined LastPass and four other Web-based managers and found critical defects in all of them. "

The conclusion:

"On the whole, readers are likely better off using a password manager than they are using the same password for multiple sites. For that reason, Ars still recommends that people use a password manager. However…"