This incident serves as a reminder that no system is 100% secure, but active collaboration with the security community—often incentivized by Proton's Bug Bounty Program—is essential for maintaining privacy. To stay secure, users should:
Proton Mail's responsible vulnerability disclosure policy
Proton maintained its commitment to security through its Responsible Vulnerability Disclosure Policy.
In June 2022, security researchers from SonarSource discovered a critical Cross-Site Scripting (XSS) vulnerability in the open-source code of Proton Mail. This flaw could have allowed attackers to bypass end-to-end encryption to steal decrypted emails and impersonate victims.

The Discovery
The vulnerability was strictly limited to the web interface; non-web Proton Mail apps (iOS/Android) were never affected.

Protecting Your Data
Analysis of spam and virus filter logs showed no evidence of the exploit being used in the wild by malicious actors.