The Grammarly browser extension, which has about 22 million users, exposes its authentication tokens to all websites, allowing any to access all the user’s data without permission, according to a bug report from Google Project Zero’s Tavis Ormandy.
The high-severity bug was discovered on Friday and fixed early Monday morning, “a really impressive response time,” Ormandy wrote.
Grammarly, launched in 2009 by Ukrainian developers, looks at all messages, documents and social media posts and attempts to clean up errors so the user is left with the clearest English possible. The browser extension has access to virtually everything a user types, and therefore an attacker could access a huge trove of private data.
Exploitation is as simple as a couple of console commands granting full access to everything, as Ormandy explained. The company has no evidence that the vulnerability was exploited.
The vulnerability affected Chrome and Firefox. Updates are now available for both browsers.