The Discovery

In June 2022, security researchers from SonarSource discovered a critical Cross-Site Scripting (XSS) vulnerability in the open-source code of Proton Mail. This flaw could have allowed attackers to bypass end-to-end encryption to steal decrypted emails and impersonate victims. Because Proton Mail decrypts messages in the user's browser, a script running in that session sees plaintext that the server never does, which is why an XSS bug can undermine end-to-end encryption without breaking the cryptography itself.

An attacker would need to send two carefully crafted emails to the target. If successful, the script would run in the victim's session, allowing the attacker to "see" what the user sees, effectively stealing the decrypted content of their inbox.

Proton's Response and Resolution

After researchers disclosed the bug in June 2022, Proton developed and deployed a fix by early July 2022. Proton maintained its commitment to security through its Responsible Vulnerability Disclosure Policy.

This incident serves as a reminder that no system is 100% secure, but active collaboration with the security community, often incentivized by Proton's Bug Bounty Program, is essential for maintaining privacy. To stay secure, users should:

When possible, use native desktop or mobile apps, which often have different attack surfaces than web-based versions.