07 Feb Grammarly Chrome Extension Exposes User’s Private Data
A high severity vulnerability was recently identified in popular grammar checking extension Grammarly, by Tavis Ormandy, a researcher at Google’s Project Zero.
Ormandy said that the Chrome extension exposed the user’s private documents and data to virtually any website. A bug report was filed last Friday and Grammarly was able to issue a fix Monday. The company says that they have not found any evidence that any user information was compromised using the security flaw.
Ormandy was also responsible for discovering the remote code execution flaw in the Cisco WebEx Chrome extension, and the data-harvesting bug in the LastPass password manager.