- Joined
- 27 Oct 2016
- Messages
- 4,569
- Solutions
- 3
- Reaction score
- 6,776
Grammarly has fixed a security bug in its Chrome extension that inadvertently allowed access to a user's account -- including their private documents and data.
Tavis Ormandy, a security researcher at Google's Project Zero who found the "high severity" vulnerability, said the browser extension exposed authentication tokens to all websites.
That means any website can access a user's documents, history, logs, and other data, the bug report said.
Grammarly's flawed Chrome extension exposed users' private documents