Grammarly extension vulnerability gave websites access to users' account

By Neowin ·
View full version

Grammarly, a popular service that helps users improve their grammar by highlighting advanced grammatical errors and typing mistakes, contained a vulnerability in its web extensions, opening up the possibility for any website a user visited to log in to the service as them, and access all documents stored in its vault. The vulnerability was discovered by Google’s Project Zero team.

Grammarly has since patched its Chrome and Firefox extensions before anyone with malice could cause harm. In an email statement, a Grammarly spokesperson told Neowin that while the company has pushed an update for all its browser extensions, the vulnerability did not affect the extension for Microsoft"s Edge browser.

Project Zero researcher Travis Ormandy classified the bug high-severity as, if the bug was exploited, the attacker would gain complete access to one"s documents and other account information.

In a statement to Gizmodo, a Grammarly spokesperson stated that the company had no evidence of any user being compromised by the vulnerability.

Source: Tavis Ormandy (Twitter) | Image via Microsoft Store

Report a problem with article
Next Article

Android usage: Nougat the most popular version, and Oreo finally on over 1%

Previous Article

Sony kicks off beta for PlayStation 4 firmware update 5.50