A Critical Flaw Found in Grammarly Spell Checker Which Allows Hackers to Steal Your Data

A critical vulnerability found in the Grammarly spell checker browser extension for Chrome and Firefox inadvertently left all 22 million user accounts, including their personal documents and folders, vulnerable to remote hackers.

According to Google Project Zero researcher Tavis Ormandy, who discovered the vulnerability on February 2, the Grammarly spell checker Chrome and Firefox extension exposed authentication tokens to all websites, allowing malicious users to capture them with only 4 lines of JavaScript code.

In other words, any website that a Grammarly spell checker user visits could steal their authentication tokens, which is enough to access the user’s account and access all ‘documents, history, logs, and all other data’ without authorization.

“I’m defining this as a high severity bug because it seems to be a serious violation of user expectations,” Ormandy said in a vulnerability report. “Users do not expect that visiting a website gives it permission to access documents or data they have placed on other websites.”

Ormandy also provided a proof-of-concept (PoC) exploit, which demonstrates how easily this major bug can be triggered to steal the Grammarly spell checker access token with just four lines of code.

This high-severity flaw was discovered on Friday and fixed early Monday morning by the Grammarly team, which, according to the researcher, is “a very impressive response time” for addressing such bugs.

Security updates are now available for the Chrome and Firefox browser extensions, which should update automatically without requiring any action from Grammarly spell checker users.


A Grammarly spokesman also said in an e-mail that the company has no evidence that users have been compromised by this vulnerability.

“Grammarly resolved a security bug reported by Tavis Ormandy, the Google Project Zero security researcher, within a few hours of its discovery. At this time, Grammarly has no evidence that the information on the users was affected by this issue,” says the spokesperson.

“We continue to actively monitor for any unusual activity. The security issue affected the text saved in the Grammarly Editor. This bug had no effect on the Grammarly Keyboard, the Grammarly component for Microsoft Office, or any text you type on websites while using the Grammarly browser extension. The bug has been fixed and no action is required by Grammarly spell checker users.”

