⇽ see other articles

Browser Extension Vulnerability Report

A security bug was found and fixed in FlowCrypt Browser Extension.

Affected users: 25

Time from discovery to fix: 1 day

Severity: Medium ($1,000 reward for reporting user - Chris Baker)

Timeline:

Details:

Aftermath:

What would need to happen for your message content to get exposed:

All affected users were notified about this by email. While this vulnerability alone could not cause your encrypted content to be exposed, it lowered the security of your Private Key which protects them, if you were one of the affected users. If you have not received an email from us about this, you were not one of the affected users.

To further improve security of our software, we will:

Your comments are welcome at human@flowcrypt.com

--

If software security is your thing, we have an open position for a remote security engineer / pen tester. Write us at human@flowcrypt.com