Loading...

February 09, 2018

BEWARNGrammarly Web Extension Hit By Data-Leak Flaw

Loading...
Recently, a critical vulnerability discovered in the Grammarly extension, available for the well-known Chrome and the Mozilla Firefox browsers, affects more than 22 million users. This includes all documents and personal records of the users.

A critical vulnerability discovered in the Grammarly extension, available for Chrome and Firefox browsers, affects more than 22 million users. This includes all documents and personal records. All this is exposed to remote cybercriminals. It is a spell checker that works in two of the most used browsers.
Serious vulnerability in Grammarly spell checker

It was Tavis Ormandy, Google Project Zero researcher, who discovered the vulnerability recently. He explains that the Chrome and Firefox extension of spell checking, Grammarly, exposes all websites that could be attacked by remote cyber criminals with only four lines of JavaScript code.

In other words, any website that a user with this spellchecker visits could steal their authentication data. This would be enough to be able to log in to the user’s account and access all documents, history, records and all other data, without permission.

Tavis adds that this is a big vulnerability error. Explain that it is a fairly serious violation of the privacy of users. Users would not expect that when visiting a website, they would give permissions to access documents or data from other visited pages.
Exploit

The researcher has also provided a proof-of-concept exploit (PoC), which explains how this serious error can easily be triggered to steal data through Grammarly with only four lines of code.

This defect was discovered last Friday and, according to the researcher, has already been resolved by Grammarly. He believes that the response has been more than quick. Undoubtedly, it was an important vulnerability that affected many users.

Security updates are now available for the Chrome and Firefox browser extensions, which must be updated automatically without requiring any action by Grammarly users.

In short, the extension of Grammarly put at risk the privacy of users. All data and files were at risk and a remote cybercriminal could access them.
The importance of security

As we know, Google Chrome and Mozilla Firefox are two of the most used browsers. Millions of users around the world choose them as their favourites. Therefore, a vulnerability that affects one of these two browsers harms a large number of users.

Security is something vital to maintain our privacy. On many occasions, we have talked about the importance of having security programs and tools. In addition, this type of software must be updated to the latest version. This way we will be able to face possible recent threats that put at risk the good functioning of our equipment.

We also saw some very interesting security extensions for Chrome. Without a doubt an important complement next to the antivirus. Much of the malware arrives while we are navigating.

But common sense in these cases is also very important. We should not install extensions without knowing their origin. You always have to do it from official sources. This way we will avoid unnecessary problems that may affect our privacy.

So, what do you think about this new flaw of Grammarly? Simply share all your views and thoughts in the comment section below.
Share This
Previous Post
Next Post

This Post was publish by the above Author

0 comments: