Grammarly extension bug could have exposed data to malicious actors

Reading time icon 1 min. read


Readers help support MSPoweruser. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help MSPoweruser effortlessly and without spending any money. Read more

Grammarly earlier this weekend was found to suffer from a bug that exposed user data to any website it was used on. This was done by exposing its authorisation token to the sites, meaning any site which a Grammarly user used the extension on could in theory login to the users account and gain access to their account data and typed up documents (if any).

It was reported by Google’s Project Zero team, and disclosed only after the Grammarly team had the chance to push out updates resolving the error.

The extensions for Chrome and Firefox were quickly patched, while Edge didn’t suffer from the bug in the first place.

In a statement to Gizmodo,  a Grammarly spokesperson confirmed, “The bug is fixed, and there is no action required by Grammarly users.” There were no cases of bad actors using the vulnerability to access user-data.

More about the topics: chrome, edge, extension, firefox, Grammarly