Popular Browser Extension Grammarly Patches Major Bug
Users were worried about more than just typos.
If you use Grammarly, you can breathe a sigh of relief. The copyediting extension for Google Chrome and Mozilla Firefox put its more than 20 million users at risk until a few days ago.
Grammarly had a bug that allowed any website you visit to access your account and read all of your writing that was created and saved in the Grammarly Editor. This means that your important proposal for work, your research paper for grad school, all of your social media posts and that novel you were writing in your spare time were all vulnerable and up for consumption by anyone looking to snoop.
Google's Project Zero reported the vulnerability on February 2 and labeled it a "high-severity bug." The team behind Grammarly quickly created a patch and released an automatic update for the program.
Vulnerability in Grammarly extension fixed (20M users), users should be auto-updated to a fixed version. Auth tokens were accessible to websites, allowing any website to login to your account and read all your docs. https://t.co/Ydk0JwArYD
— Tavis Ormandy (@taviso) February 5, 2018
With the auto-update, Grammarly says users don't need to take any extra steps. A Grammarly spokesperson also told Gizmodo that there's no evidence that any users were compromised by the vulnerability.
Editor's note: This article was updated to clarify the scope of the vulnerability.