Gaurdio researchers recently uncovered a major cross site scripting (XSS) flaw in the Chrome extension for the popular note-taking app Evernote. The vulnerability made it possible for threat actors to steal highly sensitive data belonging to more than 4.6 million users.
By exploiting the flaw, attackers could obtain unauthorized “access to social media (reading and posting content), financial transaction history, private shopping lists, and more.” Gaurdio disclosed the flaw to Evernote at the end of may, prompting the firm to issue a patch on June 4.
Read more: Evernote Critical Flaw Opened Personal Data of Millions to Attack