A critical vulnerability found in the Grammarly spell checker browser extension for Chrome and Firefox inadvertently left all 22 million user accounts, including their personal documents and folders, vulnerable to remote hackers.
In other words, any website that a Grammarly spell checker user visits could steal their authentication tokens, which is enough to log in to the user’s account and access all ‘documents, history, logs, and all other data’ without authorization.
“I’m defining a high severity bug because it seems to be a serious violation of user expectations,” Tavis Ormandy, the Google Project Zero security researcher, said in a vulnerability report. “Users do not expect to visit a website to give permission to access documents or data they have placed on other websites.”
Ormandy also provided a proof-of-concept (PoC) exploit, which demonstrates how this major bug can be triggered to steal a Grammarly spell checker user's access token with just four lines of code.
This high-severity flaw was discovered on Friday and patched early Monday morning by the Grammarly team, which, according to the researcher, is “a very impressive response time” for addressing such bugs.
Security updates are now available for both the Chrome and Firefox browser extensions, which should update automatically without requiring any action from Grammarly spell checker users.
A Grammarly spokesman also said in an e-mail that the company has no evidence that users have been compromised by this vulnerability.
“Grammarly solved a security bug reported by Tavis Ormandy, the Google Project Zero security researcher, within a few hours of its discovery. At this time, Grammarly has no evidence that the information on the users was affected by this issue,” says the spokesperson.
“We continue to actively monitor any unusual activity. The security issue affected the text saved in the Grammarly Editor. This bug had no effect on the Grammarly Keyboard, the Grammarly component for Microsoft Office or any text you type on websites while using the Grammarly browser extension. The bug has been fixed and no action is required by Grammarly spell checker users.”