{"id":17459,"date":"2018-04-18T08:00:55","date_gmt":"2018-04-18T12:00:55","guid":{"rendered":"https:\/\/www.psafe.com\/en\/blog\/?p=17459"},"modified":"2022-04-27T16:13:52","modified_gmt":"2022-04-27T20:13:52","slug":"grammarly-has-a-vulnerability-you-should-know-about","status":"publish","type":"post","link":"https:\/\/www.psafe.com\/en\/blog\/grammarly-has-a-vulnerability-you-should-know-about\/","title":{"rendered":"Grammarly Has a Vulnerability You Should Know About"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">If you\u2019re a big user of Grammarly, your information <\/span><a href=\"https:\/\/gizmodo.com\/grammarly-bug-let-snoops-read-everything-you-wrote-onli-1822740378\"><span style=\"font-weight: 400;\">may have been exposed to hackers<\/span><\/a><span style=\"font-weight: 400;\">. The writing enhancement platform appears to be missing the necessary security features to keep their users information intact, although the issue is believed to have been caused by a bug. Avoid this and other bugs with <a href=\"https:\/\/app.appsflyer.com\/com.psafe.msuite?pid=Blog&amp;c=Grammarly_Vulnerability\" target=\"_blank\" rel=\"noopener\">dfndr security&#8217;s<\/a> full virus scan feature, which checks your device for any threats, in both your phone\u2019s memory and SD card.<\/span><\/p>\n<p><b>Read More: <\/b><a href=\"https:\/\/www.psafe.com\/en\/blog\/bad-sign-apps-keep-crashing\/\"><b>Why It\u2019s a Bad Sign If Your Apps Keep Crashing<\/b><\/a><\/p>\n<p><b><span style=\"font-weight: 400;\">Here\u2019s what you should know about the \u201cGrammarly\u201d bug that struck millions of people.<\/span><\/b><\/p>\n<p><b>Weakness in Top Browsers<br \/>\n<\/b><span style=\"font-weight: 400;\">The issue was found due to a vulnerability <\/span><a href=\"https:\/\/www.linkedin.com\/pulse\/critical-flaw-grammarly-spell-checker-could-let-steal-marc-shaffer\/\"><span style=\"font-weight: 400;\">in the Grammarly extension<\/span><\/a><span style=\"font-weight: 400;\"> for Chrome and Firefox browsers. Information of about 22 million users accounts was exposed as a result, making it easy for remote hackers to access their personal documents and records. Tavis Ormandy, security researcher with Google\u2019s Project Zero, said the it was a high severity bug.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Ormandy said that the authentication tokens to all Grammarly websites were there for the taking easily stolen by cybercriminals remotely with four lines of JavaScript code. The company said that the vulnerability only affected Grammarly Editor, but the issue could still have very severe consequences for some users if their documents were stolen.<\/span><\/p>\n<p><b>The Issue Was Addressed in Time<br \/>\n<\/b><span style=\"font-weight: 400;\">Grammarly\u2019s outside security IT team responded to the issue swiftly, fixing the bug only three days after the issue was revealed. A number of security updates were made available for Chrome and Firefox browser extensions, which the company is automatically updating without users having to actively find the update. Adding an extension on the Chrome Web Store seems to have done the trick for Chrome users.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">A Grammarly spokesperson wrote an email to their security firm, noting that there is no evidence that users personal documents and information had been stolen, nor exposed by a hacker. Ormandy noted that the company\u2019s response time was impressive. Grammarly added that the vulnerability may affect text saved on Grammarly Editor.<\/span><\/p>\n<p><b>Any Further Threats?<br \/>\n<\/b><span style=\"font-weight: 400;\">While it is likely that the security threat is gone, the company says it is actively working to monitor any new issues in order to keep users information private and secure. Luckily the bug had no effect on Grammarly Keyboard, the Grammarly Microsoft Office add-in, or any documents created online while using the company\u2019s browser extension.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The popular copy editing platform has a security vulnerability that may have exposed the personal documents of approximately 22 million people.<\/p>\n","protected":false},"author":83,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","footnotes":""},"categories":[5],"tags":[106,259,9,249],"class_list":["post-17459","post","type-post","status-publish","format-standard","hentry","category-security","tag-google","tag-hackers","tag-mobile","tag-security"],"_links":{"self":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts\/17459","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/users\/83"}],"replies":[{"embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/comments?post=17459"}],"version-history":[{"count":3,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts\/17459\/revisions"}],"predecessor-version":[{"id":17849,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/posts\/17459\/revisions\/17849"}],"wp:attachment":[{"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/media?parent=17459"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/categories?post=17459"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.psafe.com\/en\/blog\/wp-json\/wp\/v2\/tags?post=17459"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}