The popular browser extension Grammarly has patched a vulnerability that allowed websites to read data such as documents and log files. The extension checks grammar and spelling. The leak was found by Google researcher Tavis Ormandy.
In his report, which is now public, Ormandy writes that Grammarly has approximately 22 million users. He found that the plug-in exposed authentication tokens to all websites, allowing a malicious person to log into the service as a specific user. For example, if that user had files stored in Grammarly’s online editor, then the attacker had access to them. Ormandy also mentions access to history and log files.
The Google researcher further notes that the Grammarly team picked up on his report within hours and came up with a fix for the Chrome version of the extension. Shortly after, there was also an update for the Firefox variant. Ormandy calls this an “impressive response time.” Grammarly tells The Register that it is not aware of any abuse of the vulnerability and that users do not need to take any action.
Ormandy is more likely to find vulnerabilities in third-party software. Recently, he focused on so-called dns rebinding attacks, which he found in bittorrent client Transmission and the Blizzard updater.