Evernote Critical Flaw in Chrome

Evernote is a popular service that helps people taking notes and organise their to-do task lists, over 4.6 Million users have been using its Evernote Web Clipper Extension for Chrome browser, Researchers have discovered a critical flaw that could have allowed hackers to hijack a users browser and steal sensitive information from any website you accessed.

Discovered by Guardio, the vulnerability (CVE-2019-12592) resided in the ways Evernote Web Clipper extension interacts with websites, iframes and inject scripts, eventually breaking the browser’s same-origin policy (SOP) and domain-isolation mechanisms.

Leave a Reply

Your email address will not be published. Required fields are marked *