• img February 06, 2018

Flaw in Grammarly’s extensions opened user accounts to compromise

A vulnerability in the Grammarly Chrome and Firefox extensions allowed websites to read users’ authentication tokes and use to them to log in to the users’ Grammarly accounts and access all the (potentially sensitive) information held in them. About the vulnerability The vulnerability was discovered by Google project Zero researcher Tavis Ormandy, who reported it to Grammarly on Friday. “I’m calling this a high severity bug because it seems like a pretty severe violation of … More


This post was originally published on https://www.helpnetsecurity.com/.