The logical coding error in the Web Clipper extension could have allowed an attacker to bypass the browser’s same origin policy, granting the attacker code execution privileges in Iframes beyond Evernote’s domain. Guardio disclosed the vulnerabilities to Evernote during the last week of May, which prompted Evernote to address them and roll out a complete fix - within less than a week.ĭue to Evernote’s widespread popularity, this issue had the potential of affecting its consumers and companies who use the extension – about 4,600,000 users at the time of discovery. The vulnerability, a universal cross-site scripting (UXSS) marked CVE-2019-12592, was discovered as part of Guardio’s ongoing security analysis efforts using a combination of internal technology and researchers.
Guardio bundles a complete online protection suite where it matters most - your browser. Combined with strong anti-phishing capabilities, malicious ad blocking and information leak monitoring. Mitigating threats from malicious or unwanted extensions is an integral part of how Guardio protects its users, able to neutralize harmful extensions in real-time.
EXTREMELY disappointing.Guardio, a new breed of cyber security product designed to tackle threats and security concerns within the browser, discovered a major flaw in Evernote’s Web Clipper Chrome extension’s code that left it vulnerable, potentially allowing threat actors to access personal information from users’ online services. This feels like a beta, pre-release version 0.7 or something product that the developers are still trying to figure out instead of the mature and useful web clipper it used to be. Giving users no way to tell what to do next is a cardinal sin of the field.Īlso, if you change your mind and decide not to clip anything, sometimes it seems that you have to reload the page to make it go away.Īpps are supposed to get better as they mature, not worse. That’s absolutely atrocious user interface design. I stumbled on it purely by accident when I hit the Return key. Also, there is no visual indication of how you actually perform the clip. You have almost no control over what gets clipped, and you have to try to fix it in the Evernote app later.
#Evernote for chrome plus
Plus basically captures everthing, and minus almost nothing. Now all you have are these almost useless + and - buttions. And you could set defaults, which was extremely useful. That’s gone, along with other capture options. For instance, you could capture as if the page was in Reader mode, eliminating ads, sidebars, and user comments. You used to be able to heavily customize how this app captured clips.
0 kommentar(er)
