Suspect Chrome Extensions


Posted below before I saw related post above. This post probably needs to be transferred.



Excerpt from article.


Grammarly has fixed a security bug in its Chrome extension that inadvertently allowed access to a user's account -- including their private documents and data.

Tavis Ormandy, a security researcher at Google's Project Zero who found the "high severity" vulnerability, said the browser extension exposed authentication tokens to all websites.

That means any website can access a user's documents, history, logs, and other data, the bug report said.

Ormandy filed his bug report Friday, subject to a 90-day disclosure deadline -- as is the industry standard. Grammarly issued an automatic update Monday to fix the issue.
http://www.zdnet.com/article/grammar...ate-documents/