The popular Screencastify Chrome extension has fixed a vulnerability that allowed malicious sites to hijack users' webcams and steal recorded videos. However, security flaws still exist that could be exploited by unscrupulous insiders.
The vendor acknowledged the cross-site scripting (XSS) vulnerability and promptly fixed it after security researcher Wladimir Palant reported it responsibly on February 14, 2022.
However, the same privacy and security-related risks remain unaddressed, keeping users at potential risk from websites that partner with the Screencastify platform.
Palant decided to publish a write-up on his
blog to warn the millions of people who use Screencastify of the underlying risks, as the vendor has not fully fixed the issues after three months.
