The article mentions they inject a web component. I imagine a bad actor could add something to that. In this case at the very least the author could add an "I hacked your Grammarly extension" text just via CSS, but I'm sure you can go much further, even more so with other extensions (e.g. password managers).



But you could also just add your own lookalike web component to your page that looks like the Grammarly one. If people enter credentials there, it's user error.



