Jump to content
We apologize for the inconvenience, but chat support is currently unavailable. Please feel free to submit an email ticket or reach out at discussion.evernote.com. Thank you for understanding. ×

Jesse P Lesperance

Evernote Staff
  • Content Count

  • Joined

  • Last visited

Community Reputation

7 Neutral


About Jesse P Lesperance

Profile Information

  • Subscription

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Just a little bit of clarity on the IP from the US: The 35.199.x.x IP address is allocated to Google Cloud where Evernote hosts our infrastructure. What you are seeing is a piece of normal communication with one of our systems which is currently being misreported as an account access. We are aware of the issue and are working internally to resolve the bug.
  2. Hey Folks, I am Jesse Lesperance and am the Head of Security at Evernote. Jumping in with a couple of observations: Here’s another piece of coverage [https://www.cyberscoop.com/evernote-patches-flaw-google-chrome-extension/] with more accurate and specific information. The original Guardio press release is here:https://www.prnewswire.com/news-releases/guardio-discovers-major-vulnerability-in-evernotes-chrome- extension-300866322.html As mentioned in the CyberScoop coverage above, Guardio does not believe that anyone took advantage of the bug. At Evernote, we have not found any evidence that the vulnerability reported by Guardio has been exploited.. We have a robust security program which includes working with many external security researchers; when we or a third-party discover vulnerabilities, we have a formal triage process that ensures that we appropriately prioritize and resolve/mitigate the vulnerability. In this case, due to the potential impact, we had patched the vulnerability and distributed a new release within 3 days of Guardio’s contacting us. Chrome Extensions are by default set to auto-upgrade precisely for these sorts of situations; consequently our patch was automatically applied to the vast majority of installed Chrome WebClippers. If you are a user of the WebClipper Extension for Google Chrome, and you have changed the defaults on how your Chrome Extensions upgrade, you should ensure that you have v7.11.1 (or better) of the Chrome WebClipper Extension installed.
  • Create New...