

Automated copy-editing app Grammarly has issued a fix for users of its Chrome and Firefox browser extensions, which contained a “high-severity bug” that exposed authentication tokens.

The Grammarly browser extension exposed the details of approximately 22m users. Tavis Ormandy, a security researcher at Google’s Project Zero, found the vulnerability in question and said the authentication tokens were exposed to all websites.

Ormandy said: “I’m calling this a high-severity bug, because it seems like a pretty severe violation of user expectations.”

Easy access to user accounts

He added: “Users would not expect that visiting a website gives it permission to access documents or data they’ve typed into other websites.”

User information could have been compromised manually or by using a script. Ormandy’s post showed four lines of code demonstrating how the user information could be accessed.

He wrote: “I verified that is enough to log in to a account.

“Therefore, any website can log in to as you and access all your documents, history, logs and all other data.”

Grammarly acts fast to remedy the problem

Ormandy flagged the problem in a forum post on 2 February and, as of today (6 February), Grammarly has pushed updates to the Chrome Web Store and Mozilla.

The company’s response time was described by Ormandy as “really impressive” and he declared that the issue was fixed.
