Critical Vulnerability Discovered in Evernote’s Chrome Extension

_QTkS7N49EQ/default.jpg

Guardio's research team has discovered a critical vulnerability in
Evernote Web Clipper for Chrome. A logical coding error made it is possible to
break domain-isolation mechanisms and execute code on behalf of the user -
granting access to sensitive user information not limited to Evernote's domain.
Financials, social media, personal emails, and more are all natural targets. The
Universal XSS vulnerability was marked as CVE-2019-12592.
https://guard.io

_QTkS7N49EQ/default.jpg
Critical Vulnerability Discovered in Evernote’s Chrome Extension Critical Vulnerability Discovered in Evernote’s Chrome Extension Reviewed by Anonymous on June 13, 2019 Rating: 5