
Critical bug in the Evernote extension has put millions of users at risk

At the end of May 2019, specialists at Guardio found a dangerous vulnerability in the Evernote Web Clipper extension for Chrome.

Researchers warned that, given Evernote's popularity, the bug may affect at least 4,600,000 users.

The vulnerability received the identifier CVE-2019-12592 and a critical rating. The bug is a UXSS (universal cross-site scripting) flaw that allows bypassing the browser's Same Origin Policy (SOP) and gives an attacker the ability to execute arbitrary code on behalf of the victim.

“A logical coding error made it possible to break domain-isolation mechanisms and execute code on behalf of the user – granting access to sensitive user information not limited to Evernote’s domain,” Guardio specialists reported.

As a result of this attack, the user's data associated with other sites they have visited is no longer protected. An attacker can gain access to authentication data, financial information, personal conversations on social networks, emails, cookies, and so on.

This is achieved by redirecting the victim to a resource controlled by the attackers, which loads hidden iframes pointing at various third-party sites. The exploit forces Evernote to inject malicious code into all of those iframes, and the payload harvests the targeted information for the attackers.
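The article describes the bug only as a logic error that breaks domain isolation, so the added example below is not Evernote's code and does not reproduce the actual CVE-2019-12592 defect; it contrasts a hypothetical weak domain check (substring match on the frame URL) with the strict origin check an extension should apply before injecting a script into a frame, using an assumed allowlist and constructed frame URLs.

```javascript
// Added example, not Evernote's code. Shows why an extension deciding whether
// to inject into a frame must compare the parsed origin, not search the URL
// string for a domain name.

// Assumed allowlist of origins the extension is meant to inject into.
const TRUSTED_ORIGINS = new Set([
  'https://www.evernote.com',
  'https://app.evernote.com',
]);

// Hypothetical weak check: a substring match accepts any URL that merely
// mentions the domain (query string, fragment, or a look-alike host).
function weakShouldInject(frameUrl) {
  return frameUrl.includes('evernote.com');
}

// Strict check: parse the URL and compare the full origin (scheme, host, port).
// Unparsable or opaque-origin URLs (e.g. javascript:) are never injected into.
function strictShouldInject(frameUrl) {
  let origin;
  try {
    origin = new URL(frameUrl).origin;
  } catch (e) {
    return false;
  }
  return TRUSTED_ORIGINS.has(origin);
}

// Constructed frame URLs resembling the hidden-iframe setup described above.
const SAMPLE_FRAMES = [
  'https://www.evernote.com/Home.action',
  'https://mail.example.org/inbox?ref=evernote.com',
  'http://www.evernote.com.attacker.example/',
  'https://bank.example/#evernote.com',
  'javascript:alert(1)',
];

// Returns the subset of frames a given decision function would inject into.
function framesInjectedBy(decide, frames = SAMPLE_FRAMES) {
  return frames.filter(decide);
}

console.log('weak check injects into:', framesInjectedBy(weakShouldInject));
console.log('strict check injects into:', framesInjectedBy(strictShouldInject));
```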

An illustrative PoC attack by researchers on this vulnerability can be seen below.

“This vulnerability is a testament to the importance of treating browser extensions with extra care and only installing extensions from trusted sources,” Guardio researchers conclude.

Evernote's developers have now fully fixed the problem. Users who have Evernote Web Clipper version 7.11.1 or higher installed are safe.

How to check whether you are protected

Evernote has issued a fix, and the new version has been rolled out to its users. To see whether you have the latest version, open the Evernote Chrome extension page at chrome://extensions/?id=pioclpoplcdbaefihamjohnefbikjilc (the address has to be copied manually into the address bar for security reasons) and make sure the “Version” field shows 7.11.1 or greater.

Source: https://guard.io/blog

Polina Lisovskaya

I have worked as a marketing manager for years now and love searching for interesting topics for you
