Proton Exploit | Premium | 2026 |

The Sonar Research team identified the vulnerability during a routine audit of Proton's open-source repositories. The issue stemmed from how the web application handled user-controlled HTML. While senders need the ability to style messages, failing to properly sanitize certain tags can allow malicious markup to execute in a reader's browser.

How the Exploit Worked

Analysis of spam and virus filter logs showed no evidence of the exploit being used in the wild by malicious actors.

The vulnerability was strictly limited to the web interface; non-web Proton Mail apps (iOS/Android) were never affected.

Protecting Your Data