Graham Cluley reports:
A Google vulnerability researcher has found a gaping security hole in a popular web browser extension, that could have potentially exposed your private writings on the internet.
The Grammarly real-time spelling and grammar checker, which has over seven million daily users, describes itself as all you need to ensure that “everything you type is clear, effective, and mistake-free.”
[….] vulnerability hunter extraordinaire Tavis Ormandy of Google’s Project Zero group appears to have found what he described as a “high severity bug” before it was uncovered by anybody more malicious.
Ormandy discovered that a simple piece of JavaScript hidden on a malicious website could secretly trick the Grammarly extension for Firefox and Chrome into handing over a user’s authentication token.
Read more on Hot for Security.