You are writing something in your browser like an email or a blog and you wish to check your grammar and use a spell checker for it. There are thousands of tools you can add to your browser (add-on) to make this task easy and get fully concentrated in the topic you are writing about.

One of this tools is called “Grammarly” and it was found vulnerable. It’s code allowed remote malicious threads to get sensitive information, specifically tokens that make easy to them login in to your account.

Grammarly is an English language writing-enhancement platform developed by Grammarly, Inc., which was launched in late 2009. Grammarly’s proofreading and plagiarism-detection resources check more than 250 grammar rules.

At least 22 million users were affected and let them vulnerable, allowing attackers to steal personal data and documents, browser history, logs, of course with no user awareness. As Tavis Ormandy, a Google Project Zero researcher said is possible to exploit this vulnerability with 4 lines on JavaScript.

The team of Grammarly was notified on this serious vulnerability on February, 02 and yesterday (just 2 days after) the team announced it was just corrected…This is the kind on incident response regular users are expecting from tech firms.

“We’re continuing to monitor actively for any unusual activity. The security issue potentially affected text saved in the Grammarly Editor…. The bug is fixed, and there is no action required by Grammarly users.” -Grammarly Inc.