No doubt extensions add a lot of useful features to your web browser, but at the same time, the idea of trusting 3rd-party code is much more dangerous than most people realize. I have more than 6,000 notes attached to my Premium (paid) account. Let me be clear: Im a HUGE +Evernote fan. Take a moment to share this post and use the hashtag bringevernotetochromeos. Cybersecurity researchers discover a critical flaw in the popular Evernote Chrome extension that could have allowed hackers to hijack your browser and steal sensitive information from any website you accessed.Įvernote is a popular service that helps people taking notes and organize their to-do task lists, and over 4,610,000 users have been using its Evernote Web Clipper Extension for Chrome browser.ĭiscovered by Guardio, the vulnerability ( CVE-2019-12592) resided in the ways Evernote Web Clipper extension interacts with websites, iframes and inject scripts, eventually breaking the browser’s same-origin policy (SOP) and domain-isolation mechanisms.Īccording to researchers, the vulnerability could allow an attacker-controlled website to execute arbitrary code on the browser in the context of other domains on behalf of users, leading to a Universal Cross-site Scripting (UXSS or Universal XSS) issue.Īs shown in the video demonstration, the researchers also developed a Proof-of-Concept (PoC) exploit that can inject a customized payload on targeted websites, and steal cookies, credentials, and other private information from an unsuspecting user. Save web page URLs, images, and descriptions to your relevant Evernote notebook and keep all your related content in one easy-to-find place. I cant be the only person who is growing impatient waiting for Evernote to offer the full Evernote experience on Chrome OS.
0 kommentar(er)
