CVE-2018-6654

Name of the Vulnerable Software and Affected Versions Grammarly extension versions prior to 2018-02-02 for Chrome

Description The issue allows remote attackers to discover authentication tokens. This is achieved by sending an 'action: "user"' request to the "iframe.gr -ifr" endpoint, because the exposure of these tokens is not restricted to any specific web site.

Recommendations For Grammarly extension versions prior to 2018-02-02 for Chrome, consider updating to a version released after 2018-02-02 to resolve the issue. As a temporary workaround, consider restricting access to the "iframe.gr -ifr" endpoint to minimize the risk of exploitation.