“Severity bug” in Grammarly browser extensions put user’s privacy at risk
Millions of Grammarly[1] spelling, grammar, and language checker's users who installed Chrome or Firefox extensions might be in danger. “Severity bug” in the grammar-checking app was detected which allows stealing authentication tokens to websites. It means that attackers can get access to all the data users uploaded to the app.
Google’s Project Zero researcher Tavis Ormandy[2] discovered a flaw in Google Chrome extension that has about 22 million users. The further investigation revealed that the same issue exists in Firefox version of the add-on.
According to some sources, Grammarly Firefox extension was installed about 1,000,000 times. Meanwhile, Chrome extension is said to have more than 10,000,000 installs.[3] Therefore, if you are using this language checking app, it’s better to make sure that you are using the latest version. Developers already provided vulnerability patches.[4]
It only takes four lines of code to compromise user’s information
The authentication itself is a cryptographic string which is set by a server and operates as a browser cookie which is set as soon as you log in to the website. Then the browser sends back information to the server informing that it’s you who continues browsing and using the site. For this reason, you don’t need to log in every time you click particular buttons or visit new pages on the same website.
However, the flaw in Grammarly allows attackers to steal user’s tokens and access websites pretending to be you. In order to do so, attackers only need to use four lines of code either manually or by using a script.
This code generates a token that matches Grammarly cookie. As soon as a user logs in to his or her account via grammarly.com, authentication token can be stolen and used by third-parties. As a result, attackers trick server that it’s you who is using the site and get access to your information:
[A]ny website can login to grammarly.com as you and access all your documents, history, logs, and all other data. I'm calling this a high severity bug, because it seems like a pretty severe violation of user expectations.
Keep in mind that the program not only collects various information about you (we hope, you read their Privacy Policy[5]), but might save copies of your checked articles, documents, letters and other texts, and here you may have included some interesting or sensitive information for the attackers.
22 millions of Grammarly users are warned to update the extension
Grammarly was informed about an issue and quickly presented an update in Chrome Web store. Hence, users have to make sure that they are using an up-to-date version of the Grammarly Chrome extension (14.826.1446 or newer).
Developers of Mozilla Firefox also patched this security vulnerability. Nevertheless, users should receive an automatic update; it’s still recommended to check if they are using 8.804.1449 version (or newer) version of add-on to avoid possible data leak.
- ^ Grammarly: auth tokens are accessible to all websites. Chromium. The official website .
- ^ Paul Ducklin. Grammarly user? Patch now to stop crooks stealing all your data…. NakedSecurity. Computer security news, opinion, advice and research.
- ^ Grammarly Privacy Policy. Grammarly. The official website.
- ^ Zack Whittaker. Grammarly's flawed Chrome extension exposed users' private documents. ZDNet. Technology news, analysis, comments and product reviews.
- ^ Hiten Shah. How Grammarly Quietly Grew Its Way to 6.9 Million Daily Users in 9 Years. Medium. The online publishing platform.