Guardio disclosed the vulnerabilities to Evernote during the last week of May, which prompted Evernote to address them and roll out a complete fix – within less than a week.ĭue to Evernote’s widespread popularity, this issue had the potential of affecting its consumers and companies who use the extension – about 4,600,000 users at the time of discovery. The vulnerability, a Universal XSS marked CVE-2019-12592, was discovered as part of Guardio’s ongoing security analysis efforts using a combination of internal technology and researchers.
Guardio discovered a major flaw in Evernote’s Web Clipper Chrome extension’s code that left it vulnerable, potentially allowing threat actors to access personal information from users’ online services.
0 kommentar(er)
