Company:
Date Published:
Author: Paul Gerste
Word count: 3509
Language: English
Hacker News points: 4

Summary

The Sonar Research team discovered critical code vulnerabilities in multiple encrypted email solutions, including Proton Mail, Skiff, and Tutanota. These services provide end-to-end encryption, protecting communications both in transit and at rest. However, the researchers found that attackers could steal emails and impersonate victims once a victim interacted with a malicious message. Nearly 70 million users were at risk on Proton Mail alone. The vulnerabilities were discovered through a thorough security audit of the web clients: because the encryption and decryption happen in the web client itself, the client is exposed to direct attacks. The researchers found a Cross-Site Scripting issue that allowed attackers to steal decrypted emails and impersonate victims. They also identified other severe vulnerabilities in Skiff and Tutanota Desktop. Proton Mail was fixed shortly after the report was submitted, with no signs of in-the-wild exploitation. To prevent similar issues in the future, the researchers recommend not modifying data after sanitizing it, not re-parsing HTML after sanitizing it, and using state-of-the-art sanitizers.