Grammarly: AI Writing Assistant and Grammar Checker App - Security Analysis

Chrome | v14.1274.0 | MV3 | February 18, 2026 at 09:20 AM
Use with caution

This extension requests significant permissions. It has 43M+ users and a 4.8-star rating and is published by Grammarly, but review the findings below.

4.5 MEDIUM (Raw: 6.9)

This extension shows some risk signals that are common in legitimate extensions but worth reviewing. Check the details below.

Based on 105 permissions including high-risk ones, 379 code findings, 5 dangerous combinations.

Trust Signals (7.5/10)

Users: 43.0M
Rating: 4.8 (43K reviews)
Developer: Grammarly
Status: Featured

Dangerous Combinations (5)

CRITICAL: Bulk cookie access + external network

Extension uses chrome.cookies.getAll for bulk cookie access and sends data to external servers — high risk of session token theft.

cookies + chrome.cookies.getAll + external network

MEDIUM: Tab tracking API + external communication

Extension uses tab tracking APIs (onUpdated/query) and communicates with external servers — potential browsing surveillance.

tabs + tabs API usage + external network

CRITICAL: Clipboard read + external communication

Extension reads clipboard and communicates externally — potential credential or crypto address theft.

clipboardRead + external network request

CRITICAL: Native messaging + dynamic code execution

Extension communicates with native apps and executes dynamic code — potential sandbox escape vector.

nativeMessaging + eval/Function/dynamic code

CRITICAL: All-sites access + keyboard capture

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

<all_urls> + keylogger_pattern

Permissions: 9.5/10
Code: 4.3/10
Combinations: 10.0/10
Manifest/CSP: 3.9/10

Permissions (105 analyzed)

Code Findings (35 patterns, 379 total)

Libraries (6 detected)

6 libraries detected

Content Security Policy

CSP Present (1 issue)

LOW: object-src (object-src not restricted)

object-src is not set to 'none'. Plugins like Flash can be embedded, which may allow code execution.

Manifest Analysis (3 findings)

MEDIUM: web_accessible_resources (JS files exposed to web pages)

JavaScript files are exposed as web-accessible resources. Matched websites can load and interact with extension scripts.

LOW: externally_connectable (External messaging enabled)

Extension accepts messages from 1 external pattern(s). Verify these are trusted origins.

MEDIUM: content_scripts (Content script injected on all URLs)

Content script matches <all_urls>, executing on every website the user visits.

External Domains (96)


Indicators of Compromise

317 indicators of compromise found

File Statistics

Total Files: 740
JS Files: 466
Total Size: 72.2 MB
