Yes, they use it because they don't know how to do the same things in JavaScript - without it you get very awkward import/export for example. Tavis Ormandy already demonstrated in the past that this binary allows turning an extension vulnerability into code running with privileges of the logged in user. So it's very advisable not to install it.

Not that I'm a big fan of LastPass in general, published a number of article on their issues already: https://palant.de/category/lastpass/