EUVD-2018-18401

Malware in sbrugna...

CVE-2018-6654

The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover authentication tokens via an 'action: "user"' request to iframe.gr-ifr, because the exposure of these tokens is not restricted to any specific web site...

Grammarly: "More on Wikipedia" link disclose "Referrer" and leak `window.opener` reference for arbitrary websites

Summary: "Referrer" leak http:// link to Wikipedia transferring Referrer header allows a remote attacker with MITM access to sniff Referrer URL for important tokens after following "More on Wikipedia" link. Controllable page MITM with window.opener pointing to the navigation-initiated webpage...

Grammarly: `socket` command allows sending data over WebSockets to arbitrary origins from Grammarly Extension

Summary 1. Attacker could trigger Grammarly extension's socket command using a crafted page to perform WS connectionand data sending from extension's background page with cookies and origin to any URL. 2. Additionally, commands received from the attacker's server are handled by extension and coul...

Grammarly Extension For Google Chrome Information Disclosure Vulnerability - Mac OS X

Grammarly Spell Checker for Google Chrome is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVE-2018-6654

The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover authentication tokens via an 'action: "user"' request to iframe.gr-ifr, because the exposure of these tokens is not restricted to any specific web site...