The popular Screencastify Chrome extension has fixed a vulnerability that allowed malicious sites to hijack users’ webcams and steal recorded videos. However, security flaws still exist that could be exploited by unscrupulous insiders.
The vendor acknowledged the cross-site scripting (XSS) vulnerability and promptly fixed it after security researcher Wladimir Palant reported it responsibly on February 14, 2022.
However, the same privacy and security-related risks remain unaddressed, keeping users at potential risk from websites that partner with the Screencastify platform.
Comments are closed.