Google has fixed a bug in its criticism apparatus fused across its administrations that could be misused by an aggressor to conceivably take screen captures of delicate Google Docs records basically by inserting them in a noxious site.
The blemish was found on July 9 by security scientist Sreeram KL, for which he was granted $3133.70 as a feature of Google’s Vulnerability Reward Program.
Huge numbers of Google’s items, including Google Docs, accompany a “Send input” or “Help Docs improve” alternative that permits clients to send criticism alongside a choice to incorporate a screen capture — something that is naturally stacked to feature explicit issues.
In any case, rather than copying similar usefulness across its administrations, the input highlight is conveyed in Google’s primary site (“www.google.com”) and coordinated to different spaces through an iframe component that heaps the spring up’s substance from “feedback.googleusercontent.com.”
This likewise implies that at whatever point a screen capture of the Google Docs window is incorporated, delivering the picture requires the transmission of RGB estimations of each pixel to the parent space (www.google.com), which at that point diverts those RGB esteems to the input’s area, which eventually develops the picture and sends it back in Base64 encoded design.
Sreeram, be that as it may, recognized a bug in the way these messages were passed to “feedback.googleusercontent.com,” in this manner permitting an assailant to change the casing to a discretionary, outside site, and thusly, take and seize Google Docs screen captures which were intended to be transferred to Google’s workers.
Remarkably, the imperfection comes from an absence of X-Frame-Options header in the Google Docs area, which made it conceivable to change the objective starting point of the message and endeavor the cross-root correspondence between the page and the edge contained in it.
