CVE-2023-27035
CVE-2023-27035 affects Obsidian Canvas 1.1.9. The issue allows remote attackers to trigger sensitive Web APIs from embedded pages on the canvas, enabling actions such as sending desktop notifications and recording the user’s audio without explicit user permission. The root cause, as described in ...