The interruption in Google Chrome's site privacy protection feature means the data of users on connected accounts/services is vulnerable, and this enables the attackers to obtain users information including personal emails, financials, private conversations in social media sites and more from third-party services. The security flaw is a (UXSS) Universal Cross-site Scripting (also known as Universal XSS) traced as CVE-2019-12592 and originating from an Evernote Web Clipper logical code mistake that allowed to neglect the Chrome's same origin policy (SOP), allowing the hackers code-execution privileges in iframes, that allows them to gain access to sensitive user data. Due to an expository flaw, Evernote Web Clipper Chrome extension could be hijacked by potential hackers to retrieve user's personal information through third-party online services.īecause of the extensive use of Evernote, this flaw can affect its customer users (about 4,600,000 users), according to Guard, a security company which warned about the vulnerability.
0 kommentar(er)
