Your IT Consultant

Evernote Chrome Extension Users Beware

June 18, 2019

Do you use Evernote and the Chrome extension? If so, you should be aware of a flaw identified as CVE-2019-12592. It is a Universal Cross-Site Scripting (UXSS) flaw caused by a “logical coding error” that breaks the browser’s domain isolation protection. It is not an easy vulnerability to exploit and does require several steps to pull it off.

How do you know if you are impacted? You are vulnerable if Chrome says the installed Evernote Web Clipper is earlier than the patched version, 7.11.1, released on 31 May 2019. Chrome should have updated to the extension automatically, but a manual update can be carried out by accessing the extensions panel (chrome://extensions) and engaging the developer slider on the right-hand side. You should then see an ‘update’ button to apply the latest version. Firefox, Edge and Opera users are not known to be impacted at this time. No matter what browser you use, you should always make sure it is the latest version and that any extensions are also updated.

Email:   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com