Grammarly announced that it has fixed a security vulnerability in the company’s Chrome extension that allows hackers to access user account information, including private documents and data.
Tavis Ormandy, a security expert with the Google Project Zero project team, unveiled the “high-risk” vulnerability, saying the browser was extended to expose user token information to all sites. This means that any website can access a user’s documents, access history, logs, and other data information.
Ormandy said: “I’m calling this a high severity bug because it seems like a pretty severe violation of user expectations. Users would not expect that visiting a website gives it permission to access documents or data they’ve typed into other websites.” Proof of concept code, he explained how to use Four lines of code to trigger the BUG.
Grammarly is a grammar checker developed by a foreign vendor that offers web pages, Macs, and Windows. If you use Windows, Grammarly also provides the Word plug-in, downloaded after the plug-ins can be called within Word to directly check the syntax error.
Grammarly real-time grammar check, you write it on the side of the change, grammar issues and comments will be modified in the form of comments on the right side of the document, to facilitate you to check one by one, and in each comment will be accompanied by a detailed Explain, tell you where is wrong, why do you want to modify.
