Grammarly extension bug could have exposed data to malicious actors

Grammarly earlier this weekend was found to suffer from a bug that exposed user data to any website it was used on. This was done by exposing its authorisation token to the sites, meaning any site which a Grammarly user used the extension on could in theory login to the users account and gain access to their account data and typed up documents (if any).

It was reported by Google’s Project Zero team, and disclosed only after the Grammarly team had the chance to push out updates resolving the error.

The extensions for Chrome and Firefox were quickly patched, while Edge didn’t suffer from the bug in the first place.

In a statement to Gizmodo,  a Grammarly spokesperson confirmed, “The bug is fixed, and there is no action required by Grammarly users.” There were no cases of bad actors using the vulnerability to access user-data.

Some links in the article may not be viewable as you are using an AdBlocker. Please add us to your whitelist to enable the website to function properly.