News 3 min read

Critical Grammarly vulnerability allows stealing user’s information

5 minutes “Severity bug” in Grammarly browser extensions put user’s privacy at risk Grammarly bug detected Millions of Grammarly spelling, grammar, and language checker's users who installed Chrome or Firefox extensions might be in danger. “Severity bug” in the grammar-checking app was detected which allows stealing authentication tokens to websites. It means that attackers can […]

Grammarly bug detected
0 Comments
5 minutes

“Severity bug” in Grammarly browser extensions put user’s privacy at risk

Grammarly bug detected
Grammarly bug detected

Millions of Grammarly spelling, grammar, and language checker's users who installed Chrome or Firefox extensions might be in danger. “Severity bug” in the grammar-checking app was detected which allows stealing authentication tokens to websites. It means that attackers can get access to all the data users uploaded to the app.

Google’s Project Zero researcher Tavis Ormandy discovered a flaw in Google Chrome extension that has about 22 million users. The further investigation revealed that the same issue exists in Firefox version of the add-on.

According to some sources, Grammarly Firefox extension was installed about 1,000,000 times. Meanwhile, Chrome extension is said to have more than 10,000,000 installs. Therefore, if you are using this language checking app, it’s better to make sure that you are using the latest version. Developers already provided vulnerability patches.

It only takes four lines of code to compromise user’s information

The authentication itself is a cryptographic string which is set by a server and operates as a browser cookie which is set as soon as you log in to the website. Then the browser sends back information to the server informing that it’s you who continues browsing and using the site. For this reason, you don’t need to log in every time you click particular buttons or visit new pages on the same website.

However, the flaw in Grammarly allows attackers to steal user’s tokens and access websites pretending to be you. In order to do so, attackers only need to use four lines of code either manually or by using a script.

This code generates a token that matches Grammarly cookie. As soon as a user logs in to his or her account via grammarly.com, authentication token can be stolen and used by third-parties. As a result, attackers trick server that it’s you who is using the site and get access to your information:

[A]ny website can login to grammarly.com as you and access all your documents, history, logs, and all other data. I'm calling this a high severity bug, because it seems like a pretty severe violation of user expectations.

Keep in mind that the program not only collects various information about you (we hope, you read their Privacy Policy), but might save copies of your checked articles, documents, letters and other texts, and here you may have included some interesting or sensitive information for the attackers.

22 millions of Grammarly users are warned to update the extension

Grammarly was informed about an issue and quickly presented an update in Chrome Web store. Hence, users have to make sure that they are using an up-to-date version of the Grammarly Chrome extension (14.826.1446 or newer).

Developers of Mozilla Firefox also patched this security vulnerability. Nevertheless, users should receive an automatic update; it’s still recommended to check if they are using 8.804.1449 version (or newer) version of add-on to avoid possible data leak.

Did this fix work for you?
Viktoras Jasinskas

Written by

Network & Infrastructure Expert
Network diagnostics VPN troubleshooting DNS configuration Wi-Fi connectivity Proxy and firewall issues

Viktoras Jasinskas is a network and infrastructure expert covering connectivity issues for Windows home and business users. With a background in IT infrastructure, he approaches network problems methodically — isolating whether a fault lies in the OS network stack, driver layer, router configuration, or ISP. His guides address DNS failures, VPN connectivity problems, Wi-Fi drops, IP conflicts, proxy misconfigurations, and firewall rules that block legitimate traffic. Viktoras also contributes to the uGetFix news section, covering security vulnerabilities and network-related threat advisories.

0 Comments

Be the first to comment

Still worried? Run a free check.

Paste any URL or domain — we'll scan it against 4.2M known threats in 10 seconds.

View full scanner → Add to your website →