A critical flaw in the Evernote Web Clipper Chrome extension could allow potential attackers to access users’ sensitive information from third party online services. The issue is a Universal Cross-site Scripting (UXSS) (aka Universal XSS) tracked as CVE-2019-12592. Security company Guardio says about 4,600,000 users at the time of discovery had the potential of affecting consumers and companies who use the extension. The vulnerability has already been fully patched in under a week.
Source: https://www.bleepingcomputer.com/news/security/critical-flaw-in-evernote-add-on-exposed-sensitive-data-of-millions/