Guardio's research team has discovered a critical vulnerability in
Evernote Web Clipper for Chrome. A logical coding error made it is possible to
break domain-isolation mechanisms and execute code on behalf of the user -
granting access to sensitive user information not limited to Evernote's domain.
Financials, social media, personal emails, and more are all natural targets. The
Universal XSS vulnerability was marked as CVE-2019-12592.
https://guard.io