Seems to me this very problem is what operating systems like Qubes were designed to address.

Since you can run the browser in two different environments for different purposes, it is possible that you only have Lastpass accessible when you're visiting trusted websites and you use the browser in the "untrusted" environment which does not have access to Lastpass when you surf random sites.

Then for someone to use this method to get your passwords, they have to hack a website you consider trusted.

Problem solved in a way that allows for the inevitable bugs and flaws in each app.

https://www.qubes-os.org/

If you're using tripwire or another similar tool and its properly configured, then you should be notified of file changes.

As long as you're paying attention, this doesn't seem like much of an issue.