A flaw recently discovered by cybersecurity experts in Google’s Evernote Extension has allowed attackers to hijack your browser and steal personal information tied to the websites you may have visited. This is a major flaw that may put millions of users at risk of losing sensitive information.
Google’s ever-popular service Evernote has been a convenient way for people to take notes and arrange their to-do lists. As per the analysis, over 461,000 users are reported to use Google’s Evernote Web Extension on the world-popular Chrome browser and take advantage of the convenience of data integration between all their Google accounts. Believe it or not, Google has done a great job in creating a comfortable platform that allows you to manage your day-to-day activities.
The problem was first recognized by Guardio, which explained the cause of the vulnerability. It stemmed primarily from the way Google’s Evernote Web Clipper Extension communicated with other websites and injected scripts, eventually breaking the browser’s Same-Origin Policy (SOP) and Domain-Isolation Mechanisms (DIM).
What poses a major threat to privacy and security is that extensions running in the web browser require the ability to make network requests or change the content of the web pages visited. This is a growing concern and is putting people’s personal information at risk.
“A full exploit that would allow loading a remote hacker controlled script into the context of other websites can be achieved via a single, simple window.postMessage command,” the researchers said.
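The article ties the flaw to how the extension handled messages and injected scripts. As an added example (not code from the article, Evernote or the researchers), the following contrasts a content-script message handler that trusts any `window.postMessage` sender with one that checks origin, sender window and a fixed allowlist; the extension ID, the message shape `{type, script}` and the script names are assumptions made for illustration.

```javascript
// Added example; hypothetical handler, not Evernote's code.
// Assumptions: the extension ID, message shape and script names are constructed.
const EXTENSION_ORIGIN = "chrome-extension://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
const PACKAGED_SCRIPTS = new Map([
  ["clipper-ui", "/js/clipper-ui.js"],
  ["pdf-helper", "/js/pdf-helper.js"],
]);

// Weak pattern: any page or frame that can postMessage picks the script URL.
function weakScriptUrl(event) {
  return event.data && event.data.url ? event.data.url : null;
}

// Hardened pattern: returns a packaged script URL, or null to reject.
function hardenedScriptUrl(event, trustedFrame) {
  // 1. The sender must be the extension's own origin, not the visited page.
  if (event.origin !== EXTENSION_ORIGIN) return null;
  // 2. The sender must be the frame the content script itself created.
  if (event.source !== trustedFrame) return null;
  const data = event.data;
  if (typeof data !== "object" || data === null) return null;
  if (data.type !== "load-script" || typeof data.script !== "string") return null;
  // 3. The message names a script; it never supplies a URL of its own.
  const path = PACKAGED_SCRIPTS.get(data.script);
  return path ? EXTENSION_ORIGIN + path : null;
}

// Constructed sample events (plain objects standing in for MessageEvent).
const uiFrame = { name: "extension-ui-frame" };
const pageWindow = { name: "visited-page" };
const samples = [
  { label: "page supplies a URL", origin: "https://page.example", source: pageWindow,
    data: { type: "load-script", url: "https://remote.example/x.js" } },
  { label: "page names a valid script", origin: "https://page.example", source: pageWindow,
    data: { type: "load-script", script: "clipper-ui" } },
  { label: "extension frame, unknown script", origin: EXTENSION_ORIGIN, source: uiFrame,
    data: { type: "load-script", script: "not-packaged" } },
  { label: "extension frame, valid script", origin: EXTENSION_ORIGIN, source: uiFrame,
    data: { type: "load-script", script: "clipper-ui" } },
];
for (const s of samples) {
  console.log(s.label, "| weak:", weakScriptUrl(s), "| hardened:", hardenedScriptUrl(s, uiFrame));
}
```

In a real content script the handler would be registered with `window.addEventListener("message", ...)` and the packaged URL would come from `chrome.runtime.getURL` rather than string concatenation.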