Critical Vulnerability Discovered in Evernote’s Chrome Extension

Avihay Kain & Ido Schachter, Security Research at Guardio

Originally published on Guardio’s blog in June 2019

In May 2019 Guardio’s research team has discovered a critical vulnerability in Evernote Web Clipper for Chrome. A logical coding error made it is possible to break domain-isolation mechanisms and execute code on behalf of the user — granting access to sensitive user information not limited to Evernote’s domain. Financials, social media, personal emails, and more are all natural targets. The …

chrome chrome extension critical critical vulnerability evernote extension security vulnerability