News

Popular spell check browser extension closes data leak

By admin
Spread the love

The popular browser extension Grammarly has patched a vulnerability that allowed websites to read data such as documents and log files. The extension checks grammar and spelling. The leak was found by Google researcher Tavis Ormandy.

In his report, which is now public, Ormandy writes that Grammarly has approximately 22 million users. He found that the plug-in exposed authentication tokens to all websites, allowing a malicious person to log into the service as a specific user. For example, if that user had files stored in Grammarly’s online editor, then the attacker had access to them. Ormandy also mentions access to history and log files.

The Google researcher further notes that the Grammarly team picked up on his report within hours and came up with a fix for the Chrome version of the extension. Shortly after, there was also an update for the Firefox variant. Ormandy calls this an “impressive response time.” Grammarly tells The Register that it is not aware of any abuse of the vulnerability and that users do not need to take any action.

Ormandy is more likely to find vulnerabilities in third-party software. Recently, he focused on so-called dns rebinding attacks, which he found in bittorrent client Transmission and the Blizzard updater.

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Microsoft announces Bing Chat Enterprise and Copilot pricing for businesses

News

Logitech acquires stream controller maker Loupedeck

News

Anticheat FaceIT gets Linux version, enables Steam Deck support