Grammarly Users Need to Update their Chrome Extensions Immediately
1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading...

Grammarly Users Need to Update their Chrome Extensions Immediately

A bug allows access to users’ accounts — including private data and documents.

Grammarly has released a patch to fix a vulnerability that would have allowed websites to view your personal data and documents.

A researcher at Google’s Project Zero, Tavis Ormandy, labeled the bug as high severity on account of the extension exposing authentication tokens to all websites.

The Grammarly Chrome extension (approx ~22M users) exposes it’s auth tokens to all websites, therefore any website can login to grammarly.com as you and access all your documents, history, logs, and all other data. I’m calling this a high severity bug, because it seems like a pretty severe violation of user expectations.

Ormandy provided a proof of concept the showed how the bug could be exploited with four lines of code.

> document.body.contentEditable=true // Trigger grammarly

> document.querySelector(“[data-action=editor]”).click() // Click the editor button

> document.querySelector(“iframe.gr_-ifr”).contentWindow.addEventListener(“message”, function (a) {console.log(a.data.user.email, a.data.user.grauth); }) // log auth token and email

> window.postMessage({grammarly: 1, action: “user” }, “*”) // Request user data

That produces a token that can then be used by anyone to log in to Grammarly as you.

Grammarly has over 22-million users, all of whom are vulnerable to this bug until they update their Chrome extension. That includes us at Hashed Out. It’s a good product and worth sticking with even despite this bug.

Ormandy published the bug report on Friday, subject to 90-day responsible disclosure guidelines. Grammarly release a patch earlier today.

Grammarly had fixed the issue and released an update to the Chrome Web Store within a few hours, a really impressive response time. I’ve verified that Mozilla now also has the update, so users should be auto-updated to the fixed version. I’m calling this issue fixed.

So update your browser extensions!

2 comments
  • By default, Chrome extensions auto-update without user intervention. Once we pushed a new version to the Chrome store (Mon, Feb 5, 2018), the Grammarly Chrome extension should have auto-updated for users in a matter of hours (by default, about 5-6 hours). I hope that helps answer your question. (Answer from Product Manager of Grammarly)

Leave a Reply

Your email address will not be published. We will only use your email address to respond to your comment and/or notify you of responses. Required fields are marked *

Captcha *

Author

Patrick Nohe

Patrick started his career as a beat reporter and columnist for the Miami Herald before moving into the cybersecurity industry a few years ago. Patrick covers encryption, hashing, browser UI/UX and general cyber security in a way that’s relatable for everyone.