all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Critical Vulnerability Discovered in Evernote’s Chrome Extension

Add to bookmarks
March 1, 2022, 2:21 p.m. | Guardio

Stories by Guardio on Medium medium.com

Avihay Kain & Ido Schachter, Security Research at Guardio

Originally published on Guardio’s blog in June 2019

https://medium.com/media/de937843e80b9be77bb0d84c5f1ae1ce/href

In May 2019 Guardio’s research team has discovered a critical vulnerability in Evernote Web Clipper for Chrome. A logical coding error made it is possible to break domain-isolation mechanisms and execute code on behalf of the user — granting access to sensitive user information not limited to Evernote’s domain. Financials, social media, personal emails, and more are all natural targets. The …

chrome chrome extension critical critical vulnerability evernote extension security vulnerability

Visit resource

More from medium.com / Stories by Guardio on Medium

“CVE-2024-21388”- Microsoft Edge’s Marketing API Exploited for Covert Extension Installation 2 months ago | medium.com
browser extension browsers cybersecurity exploitation +1
“SubdoMailing” — Thousands of Hijacked Major-Brand Subdomains Found Bombarding Users With Millions… 3 months ago | medium.com
brand campaign cbs cornell +22
“Scammers Paradise” —Exploring Telegram’s Dark Markets, Breeding Ground for Modern Phishing… 4 months ago | medium.com
cybersecurity dark dark web ecosystem +14
“MyFlaw” — Cross Platform 0-Day RCE Vulnerability Discovered in Opera’s Browsers 4 months, 2 weeks ago | medium.com
browsers disclosure exploitation opera +1
“EtherHiding” — Hiding Web2 Malicious Code in Web3 Smart Contracts 7 months, 2 weeks ago | medium.com
blockchain cybersecurity malware wordpress
“MrTonyScam” — Botnet of Facebook Users Launch High-Intent Messenger Phishing Attack on Business… 8 months, 3 weeks ago | medium.com
cybersecurity facebook malware messenger +1
“PhishForce” — Vulnerability Uncovered in Salesforce’s Email Services Exploited for Phishing… 9 months, 4 weeks ago | medium.com
cybersecurity email phishing salesforce +1
“Malverposting” — With Over 500K Estimated Infections, Facebook Ads Fuel This Evolving Stealer… 1 year, 1 month ago | medium.com
ads cybersecurity facebook facebook ads +6
“FakeGPT” #2: Open-Source Turned Malicious in Another Variant of the Facebook Account-Stealer… 1 year, 2 months ago | medium.com
account browser security chatgpt chrome extension +4

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com