The bug was found in both the Firefox and Chrome Grammarly extensions and was reported immediately.
While response time to such a report varies greatly, Grammarly set a new record for speed and efficiency. The bug was reported on a Friday, and by Monday, it was patched. If you use either the Chrome or the Firefox Grammarly extension, there’s nothing for you to do, as these should update automatically.
A spokesman for Grammarly had this to say about the matter:
“Grammarly resolved a security bug reported by Google’s Project Zero security researcher, Tavis Ormandy, within hours of its discovery. At this time, Grammarly has no evidence that any user information was compromised by this issue.
We’re continuing to monitor actively for any unusual activity. The security issue potentially affected text saved in the Grammarly Editor. This bug did not affect the Grammarly Keyboard, the Grammarly Microsoft Office add-in, or any text typed on websites while using the Grammarly browser extension. The bug is fixed, and there is no action required by Grammarly users.”
Kudos to Tavis Ormandy for finding the bug, and a hearty round of applause to Grammarly for their speedy and deft handling of the issue. Given the severity of the bug, it’s easy to see how such a discovery could have gone an entirely different direction. As it turns out, Grammarly set a new bar for excellence with their handling of the issue.