Grammarly has fixed a security bug in its Chrome extension that inadvertently allowed access to a user’s account — including their private documents and data. Tavis Ormandy, a security researcher at Google’s Project Zero who found the “high severity” vulnerability, said the browser extension exposed authentication tokens to all websites. That means any website can access a user’s documents, history, logs, and other data, the bug report said.
Read more