Guardio discovered a major flaw in Evernote’s Web Clipper Chrome extension’s code that left it vulnerable, potentially allowing threat actors to access personal information from users’ online services. The vulnerability, a Universal XSS marked CVE-2019-12592, was discovered as part of Guardio’s ongoing security analysis efforts using a combination of internal technology and researchers. Guardio disclosed the vulnerabilities to Evernote during the last week of May, which prompted Evernote to address them and roll out a … More
The post Evernote Chrome extension flaw could have allowed access to personal info appeared first on Help Net Security.
After announcing its intention to limit third-party developers’ access to Chrome’s webRequest API, which is used by many ad-blocking extensions to filter out content, Google has followed up with announcements for a few more changes meant “to create stronger security, privacy, and performance guarantees”: Chrome extension developers must ditch any deceptive installation tactic they have been using Extensions must only request access to the appropriate data needed to implement their features Extensions that handle user-provided … More
The post Chrome extension devs must drop deceptive installation tactics appeared first on Help Net Security.