Evernote patches flaw potentially affecting 4.6 million users of Google Chrome extension

Evernote last month fixed a security flaw in a Google Chrome extension that could have allowed hackers to access information about roughly 4.6 million users, according to new research. Security vendor Guardio announced Wednesday it had discovered a vulnerability in Evernote’s Web Clipper extension for Chrome that could have allowed attackers to bypass the browser’s “same origin policy,” a security protocol meant to limit malicious scripts from spreading. Exploiting the flaw would have allowed attackers to gain privileges outside Evernote’s domain in Chrome — including access to a user’s other web content and services, researchers said. Evernote resolved the flaw within days, Guardio said, and there is no evidence the bug was exploited. Evernote did not respond to a request for comment from CyberScoop. The California company designs note-taking software that syncs and archives user files like lists, file attachments and websites between multiple devices. “Evernote was at the top of the list […]

The post Evernote patches flaw potentially affecting 4.6 million users of Google Chrome extension appeared first on CyberScoop.

Continue reading Evernote patches flaw potentially affecting 4.6 million users of Google Chrome extension