Copyediting app Grammarly includeda gaping security holethat leave behind drug user of its internet browser extension open to more embarrassment than just misspelled quarrel .
The Grammarly internet browser university extension for Chrome and Firefox bear a “ in high spirits severity microbe ” that was leak authentication tokens , according to abug reportby Tavis Ormandy , a security measure researcher with Google ’s Project Zero . This meant that any website a Grammarly user visited could get at the user ’s “ papers , story , logs , and all other data , ” accord to Ormandy .
Grammarly has approximately 22 million users , according to Ormandy , and the company told Gizmodo in an email that it “ has no evidence that any user selective information was compromised ” by the security hole . “ We ’re continuing to monitor actively for any unusual bodily function , ” a Grammarly spokesperson said .
The good news is , Grammarly quickly define the bug in the Chrome Web Store in what Ormandy call a “ really impressive reply clock time . ” Ormandy says Mozilla confirm the Firefox version of the prolongation also rolled out to users , and the updates should have been robotic .
“ The bug is fixed , and there is no action required by Grammarly drug user , ” the company spokesperson suppose .
Still , although the Grammarly bug was limited in its scope , let this be a reminder that break any internet browser plugin the power to get at literally everything you type online could leave you totally fcuked .
Update , 10:08pm : A Grammarly spokesperson say Gizmodo in an email that it has no grounds of users being compromise by the vulnerability .
We ’ve updated this piece with the young selective information .
[ Cyberscoop ]
PrivacySecurity
Daily Newsletter
Get the best tech , science , and culture news in your inbox daily .
intelligence from the future tense , delivered to your present .
You May Also Like
