The company examines source code of extensions in Google’s Chrome store for potential anomalies. Guardio was formed roughly a year ago by veterans of the Israeli military’s cybersecurity units. “The deployed a fix within just a number of days, maybe two or three, after we discussed it. “Evernote was at the top of the list of services our users use and when we did a static code analysis we found this vulnerability,” said Michael Vainshtein, Guardio’s chief technology officer. The California company designs note-taking software that syncs and archives user files like lists, file attachments and websites between multiple devices. Security vendor Guardio announced Wednesday it had discovered a vulnerability in Evernote’s Web Clipper extension for Chrome that could have allowed attackers to bypass the browser’s “same origin policy,” a security protocol meant to limit malicious scripts from spreading.Įxploiting the flaw would have allowed attackers to gain privileges outside Evernote’s domain in Chrome - including access to a user’s other web content and services, researchers said.Įvernote resolved the flaw within days, Guardio said, and there is no evidence the bug was exploited.Įvernote did not respond to a request for comment from CyberScoop. Evernote last month fixed a security flaw in a Google Chrome extension that could have allowed hackers to access information about roughly 4.6 million users, according to new research.
0 kommentar(er)
