Security experts have found Grammarly to have been compromised by a bug that exposes users’ data to would-be malicious actors.
The security experts say that the bug makes Grammarly expose user’s sensitive data to any site it was being used on. They have apparently exposed that Grammarly authorization token is accessible to the sites. That would mean any site where you use Grammarly could ideally use the information they collect from the extension and login to your account and gain access to your typed documents among other data.
The bug was unearthed by Google’s Project Zero team and made public only after the team behind Grammarly were given ample time to address the bug and issue out an update resolving the problem.
The bug affected Chrome and Firefox Grammarly extensions. However, Edge seems not to have been affected in the first place, so there was no need for security patch there. There have been no reported cases of malicious actors exploiting the opportunity before the patch was issued.
A spokesperson from Grammarly in a statement to tech news outlets said, “The bug is fixed, and there is no action required by Grammarly users.”