The Grammarly extension before 2018-02-02 for Chrome allows remote attackers to discover authentication tokens via an 'action: "user"' request to iframe.gr_-ifr, because the exposure of these tokens is not restricted to any specific web site.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-346,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| grammarly | grammarly | 2018-02-02 |