Image credit: eclipse_images via Getty Images

Grammarly patches bug that could expose everything you write (update: not everything)

Google's Project Zero first reported the vulnerability on February 2nd.

Grammarly, a copyediting app/extension for Chrome and Firefox that points out typos and grammatical mistakes, had a major bug that allowed any website you visit to log into your account and read everything you ever wrote. It made all your documents, history, logs, tweets and blog posts vulnerable to high-tech snoops. Google's Project Zero, which unearths and tracks vulnerabilities and reports them to software-makers, revealed the bug on February 2nd. Thankfully, the Grammarly team has quickly patched it up and has already auto-updated the program used by over 20 million users.

Project Zero researcher Tavis Ormandy called the vulnerability a "high-severity bug" since it severely violates users' expectations of privacy and security. Grammarly told Gizmodo that it managed to issue a patch before it caused problems -- Ormandy said the company rolled out a fix within hours of his report -- and that there's no evidence that anybody's information was compromised. It's keeping an eye out for any suspicious activity, though... as it should, because the vulnerability had the potential to expose more than just your typos.

Update: A spokesperson told us that the vulnerability only affected documents created and saved within the Grammarly Editor interface, which you can only access through the service's website. The bug apparently didn't put you at risk if you only used the Grammarly Keyboard, its Microsoft Office add-in or its browser extension. The vulnerability is already patched, so you don't have to worry about it anymore, but it's good to know your info wasn't at risk in the first place if you never used the interface!
