Grammarly, a popular service that helps users improve their grammar by highlighting advanced grammatical errors and typing mistakes, contained a vulnerability in its web extensions, opening up the possibility for any website a user visited to log in to the service as them, and access all documents stored in its vault. The vulnerability was discovered by Google’s Project Zero team.
Grammarly has since patched its Chrome and Firefox extensions before anyone with malice could cause harm. In an email statement, a Grammarly spokesperson told Neowin that while the company has pushed an update for all its browser extensions, the vulnerability did not affect the extension for Microsoft's Edge browser.
In a statement to Gizmodo, a Grammarly spokesperson stated that the company had no evidence of any user being compromised by the vulnerability.