Grammarly Patches Chrome Extension Bug That Exposed Users’ Docs

Your Feed is from https://www.safeharboroncyber.com/Blog/
CyberWisdom Safe Harbor Commentary:
I couldn’t believe this story from threatpost.com that thinks a surprising
Grammarly has fixed a Chrome Extensions vulnerability that exposes its authorization token to a website, allows the website to assume the identity of a user and view the documentation for their account.
Tavis Ormandy, a researcher at Google’s Project Zero, wrote in a February 2 forum: “I call this a serious mistake because it seems to be a serious violation of the user’s expectations.” Users do not expect to visit a web site to allow Access documents or data that they enter into other websites. “However, Grammarly has addressed the issue and introduced an update to the Chrome Web Store and Mozilla to show “a very impressive response time,” Ormandy wrote in a follow-up post on Monday. “I call this question fixed.”
Grammerly said on Twitter, thanks to Ormandy for his help, “We were aware of the security implications of our extension on Friday and we worked with Google to launch a fix within a few hours,” find and educate the community about this Kind of complex error. “The company added that more details are coming.
Grammarly’s Chrome extension has more than 20 million users, and the company also offers a Web-based editor. Its software scans users for grammar, spelling, punctuation and style, providing corrections and suggestions.
Read more…
The grammar-checking web service fixed the problem with “impressive” speed, a Google researcher says…. Engaging post, Read More…
thumbnail courtesy of threatpost.com
If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries. Home » Curated SafeHarboronCyber’s CyberWisdom Post
The post Grammarly Patches Chrome Extension Bug That Exposed Users’ Docs appeared first on Safe Harbor on Cyber.