7.5 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
69.6%
An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page.
forum.obsidian.md/t/embedded-web-pages-in-obsidian-canvas-can-use-sensitive-web-apis-without-the-users-permission-grant/54509
forum.obsidian.md/t/obsidian-release-v1-1-14-insider-build/54595
github.com/fivex3/CVE-2023-27035