Grammarly patches bug that could expose everything you write (update: not everything)

Google's Project Zero first reported the vulnerability on February 2nd.

Grammarly, a copyediting app/extension for Chrome and Firefox that points out typos and grammatical mistakes, had a major bug that allowed any website you visit to log into your account and read everything you ever wrote. It made all your documents, history, logs, tweets and blog posts vulnerable to high-tech snoops. Google's Project Zero, which unearths and tracks vulnerabilities and reports them to software-makers, revealed the bug on February 2nd. Thankfully, the Grammarly team has quickly patched it up and has already auto-updated the program used by over 20 million users.

Project Zero researcher Tavis Ormandy called the vulnerability a "high-severity bug" since it severely violates users' expectations of privacy and security. Grammarly told Gizmodo that it managed to issue a patch before it caused problems -- Ormandy said the company rolled out a fix within hours of his report -- and that there's no evidence that anybody's information was compromised. It's keeping an eye out for any suspicious activity, though... as it should, because the vulnerability had the potential to expose more than just your typos.

Update: A spokesperson told us that the vulnerability only affected documents created and saved within the Grammarly Editor interface, which you can only access through the service's website. The bug apparently didn't put you at risk if you only used the Grammarly Keyboard, its Microsoft Office add-in or its browser extension. The vulnerability is already patched, so you don't have to worry about it anymore, but it's good to know your info wasn't at risk in the first place if you never used the interface!