Greetings all who have replied..
Some more info on this issue:
I submitted a report to the CVE on April 17th, 2018 it has since been approved and an official CVE # has been assigned: https://cve.mitre.org/cgi-bin/cvename.c ... 2018-10193
LastPass has yet to reach out with any sort of response other than one twitter response found here: https://twitter.com/LastPassHelp/status ... 5650071552
where they acknowledge receiving my report.
Sounds like internally no one has budged on this issue. I'm not sure if it's a serious undertaking, but I would at least like an explanation why a for loop is required on every mouse click to go through EVERY SINGLE input element on the page, given how common it is for certain large enterprise web interfaces to contain a couple thousand inputs.
Not only is this an inconvenience to enterprise users who are being DoS'd by their own browser extension, ANY malicious website can trigger this DoS by injecting a couple inputs to the page, enough to slow down or cause headaches for users worldwide.
LastPass, do the right thing and at least engage your developers to provide a reasoning for this aggressive and greedy for loop.