4.6M Evernote users put at risk
Cybersecurity watchdogs discovered a critical flaw in the popular organization app Evernote, reported Bleeping Computer. The vulnerability allows attackers to access sensitive information stored on third-party sites connected to the Evernote account. By exploiting a logical coding error in the Evernote Web Clipper Chrome extension, attackers could gain privileges in Iframes beyond Evernote’s domain. Users can link various third-party sites to their Evernote app, creating an unintentional linked database of login credentials, financial data, personal communications, and more, which attackers could explore and steal.