A critical flaw in the Evernote Web Clipper Chrome extension could allow potential attackers to access users’ sensitive information from third-party online services.

  • Once Chrome’s site isolation feature is broken, user data from accounts on other websites is no longer protected, which allows bad actors to access sensitive user information from third-party sites
  • Affected approximately 4,600,000 users 

Expert Comments: 

Javvad Malik, Security Awareness Advocate at KnowBe4: 

“Add-ons, extensions, and other third-party always carry some degree of risk. Companies should be careful in vetting which extensions are allowed within the corporate environment. In this case, in order to exploit the , attackers need to redirect targets to websites that they control, which then run exploits that can force Evernote to inject the malicious payload. One of the best defenses in such scenarios is to ensure users are trained up so they are less likely to be tricked into accessing malicious sites that will download or inject malicious to their machines.”

 


