The Grammarly chrome extension (approx ~22M users) exposes it's auth tokens to all websites, therefore any website can login to grammarly.com as you and access all your documents, history, logs, and all other data. I'm calling this a high severity bug, because it seems like a pretty severe violation of user expectations.
The platform confirmed on Twitter that it's issued a patch for the vulnerability: https://twitter.com/Grammarly/status/960621024306868225 It went on to say that it "has no evidence that any user information was compromised by this issue." Users should verify they're running the latest versions of the service on Chrome (14.826.1446) and Firefox (8.804.1449).
Grammarly had fixed the issue and released an update to the Chrome Web Store within a few hours, a really impressive response time. I've verified that Mozilla now also has the update, so users should be auto-updated to the fixed version. I'm calling this issue fixed.